Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-50251 (GCVE-0-2024-50251)
Vulnerability from cvelistv5 – Published: 2024-11-09 10:14 – Updated: 2025-11-03 22:27
VLAI?
EPSS
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
If access to offset + length is larger than the skbuff length, then
skb_checksum() triggers BUG_ON().
skb_checksum() internally subtracts the length parameter while iterating
over skbuff, BUG_ON(len) at the end of it checks that the expected
length to be included in the checksum calculation is fully consumed.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < a661ed364ae6ae88c2fafa9ddc27df1af2a73701
(git)
Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < e3e608cbad376674d19a71ccd0d41804d9393f02 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < b1d2de8a669fa14c499a385e056944d5352b3b40 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < d3217323525f7596427124359e76ea0d8fcc9874 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < 0ab3be58b45b996764aba0187b46de19b3e58a72 (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < c43e0ea848e7b9bef7a682cbc5608022d6d29d7b (git) Affected: 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df , < d5953d680f7e96208c29ce4139a0e38de87a57fe (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:27:31.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/slavin-ayu/CVE-2024-50251-PoC"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_payload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a661ed364ae6ae88c2fafa9ddc27df1af2a73701",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "e3e608cbad376674d19a71ccd0d41804d9393f02",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "b1d2de8a669fa14c499a385e056944d5352b3b40",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "d3217323525f7596427124359e76ea0d8fcc9874",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "0ab3be58b45b996764aba0187b46de19b3e58a72",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "c43e0ea848e7b9bef7a682cbc5608022d6d29d7b",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
},
{
"lessThan": "d5953d680f7e96208c29ce4139a0e38de87a57fe",
"status": "affected",
"version": "7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_payload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.171",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.116",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.229",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.171",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.116",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.60",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.7",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:49:54.874Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701"
},
{
"url": "https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534"
},
{
"url": "https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02"
},
{
"url": "https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40"
},
{
"url": "https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874"
},
{
"url": "https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72"
},
{
"url": "https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b"
},
{
"url": "https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe"
}
],
"title": "netfilter: nft_payload: sanitize offset and length before calling skb_checksum()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50251",
"datePublished": "2024-11-09T10:14:59.820Z",
"dateReserved": "2024-10-21T19:36:19.979Z",
"dateUpdated": "2025-11-03T22:27:31.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.5\", \"versionEndExcluding\": \"4.19.323\", \"matchCriteriaId\": \"99F0DDA4-B17B-486B-8A02-6CBF8ECB814D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.20\", \"versionEndExcluding\": \"5.4.285\", \"matchCriteriaId\": \"B5A89369-320F-47FC-8695-56F61F87E4C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.10.229\", \"matchCriteriaId\": \"1A03CABE-9B43-4E7F-951F-10DEEADAA426\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.15.171\", \"matchCriteriaId\": \"2BE18665-48ED-417A-90AA-41F3AC0B4E9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.1.116\", \"matchCriteriaId\": \"43EFDC15-E4D4-4F1E-B70D-62F0854BFDF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"6.6.60\", \"matchCriteriaId\": \"75088E5E-2400-4D20-915F-7A65C55D9CCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.11.7\", \"matchCriteriaId\": \"E96F53A4-5E87-4A70-BD9A-BC327828D57F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F361E1D-580F-4A2D-A509-7615F73167A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F717D8-3014-4F84-8086-0124B2111379\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\\n\\nIf access to offset + length is larger than the skbuff length, then\\nskb_checksum() triggers BUG_ON().\\n\\nskb_checksum() internally subtracts the length parameter while iterating\\nover skbuff, BUG_ON(len) at the end of it checks that the expected\\nlength to be included in the checksum calculation is fully consumed.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_payload: desinfecta el desplazamiento y la longitud antes de llamar a skb_checksum() Si el acceso a desplazamiento + longitud es mayor que la longitud de skbuff, entonces skb_checksum() activa BUG_ON(). skb_checksum() resta internamente el par\\u00e1metro de longitud mientras itera sobre skbuff, BUG_ON(len) al final verifica que la longitud esperada que se incluir\\u00e1 en el c\\u00e1lculo de la suma de comprobaci\\u00f3n se haya consumido por completo.\"}]",
"id": "CVE-2024-50251",
"lastModified": "2024-11-21T09:44:24.423",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 3.6}]}",
"published": "2024-11-09T11:15:10.900",
"references": "[{\"url\": \"https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/slavin-ayu/CVE-2024-50251-PoC\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-50251\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-09T11:15:10.900\",\"lastModified\":\"2025-11-03T23:17:06.490\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\\n\\nIf access to offset + length is larger than the skbuff length, then\\nskb_checksum() triggers BUG_ON().\\n\\nskb_checksum() internally subtracts the length parameter while iterating\\nover skbuff, BUG_ON(len) at the end of it checks that the expected\\nlength to be included in the checksum calculation is fully consumed.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_payload: desinfecta el desplazamiento y la longitud antes de llamar a skb_checksum() Si el acceso a desplazamiento + longitud es mayor que la longitud de skbuff, entonces skb_checksum() activa BUG_ON(). skb_checksum() resta internamente el par\u00e1metro de longitud mientras itera sobre skbuff, BUG_ON(len) al final verifica que la longitud esperada que se incluir\u00e1 en el c\u00e1lculo de la suma de comprobaci\u00f3n se haya consumido por completo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.19.323\",\"matchCriteriaId\":\"99F0DDA4-B17B-486B-8A02-6CBF8ECB814D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.285\",\"matchCriteriaId\":\"B5A89369-320F-47FC-8695-56F61F87E4C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.229\",\"matchCriteriaId\":\"1A03CABE-9B43-4E7F-951F-10DEEADAA426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.171\",\"matchCriteriaId\":\"2BE18665-48ED-417A-90AA-41F3AC0B4E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.116\",\"matchCriteriaId\":\"43EFDC15-E4D4-4F1E-B70D-62F0854BFDF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.60\",\"matchCriteriaId\":\"75088E5E-2400-4D20-915F-7A65C55D9CCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.7\",\"matchCriteriaId\":\"E96F53A4-5E87-4A70-BD9A-BC327828D57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/slavin-ayu/CVE-2024-50251-PoC\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SSA-265688
Vulnerability from csaf_siemens - Published: 2024-04-09 00:00 - Updated: 2025-10-14 00:00Summary
SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
Notes
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1.
Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1.\n\nSiemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"category": "self",
"summary": "SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-265688.json"
}
],
"title": "SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1",
"tracking": {
"current_release_date": "2025-10-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-265688",
"initial_release_date": "2024-04-09T00:00:00Z",
"revision_history": [
{
"date": "2024-04-09T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-05-14T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added CVE-2024-2511"
},
{
"date": "2024-07-09T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added CVE-2024-5535"
},
{
"date": "2024-11-12T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added CVE-2024-9143"
},
{
"date": "2025-03-11T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added CVE-2024-36484, CVE-2024-36902, CVE-2024-36904, CVE-2024-36905, CVE-2024-36916, CVE-2024-36929, CVE-2024-36939, CVE-2024-36940, CVE-2024-36959, CVE-2024-44987, CVE-2024-44989, CVE-2024-44990, CVE-2024-45016, CVE-2024-45018, CVE-2024-46679, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46750, CVE-2024-46759, CVE-2024-46783, CVE-2024-47660, CVE-2024-50299, CVE-2024-50301, CVE-2024-53101"
},
{
"date": "2025-04-08T00:00:00Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Added CVE-2024-50302 (incl. product-specific impact description) and multiple other CVEs"
},
{
"date": "2025-06-10T00:00:00Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added 63 CVEs"
},
{
"date": "2025-07-08T00:00:00Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Added 71 CVEs"
},
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Added 147 CVEs"
},
{
"date": "2025-09-09T00:00:00Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Added 51 CVEs"
},
{
"date": "2025-10-14T00:00:00Z",
"legacy_version": "2.0",
"number": "11",
"summary": "Added CVE-2025-9230, CVE-2023-50781, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727"
}
],
"status": "interim",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4090",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-4090"
},
{
"cve": "CVE-2021-38202",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-38202"
},
{
"cve": "CVE-2021-47002",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "SUNRPC: null pointer dereference in svc_rqst_free(). When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scratch_page pointer will be dereferenced when calling put_page() in svc_rqst_free().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-47002"
},
{
"cve": "CVE-2021-47107",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "NFSD: READDIR buffer overflow. If a client sends a READDIR count argument that is too small (say, zero), then the buffer size calculation in the new init_dirlist helper functions results in an underflow, allowing the XDR stream functions to write beyond the actual buffer. This calculation has always been suspect. NFSD has never sanity- checked the READDIR count argument, but the old entry encoders managed the problem correctly. With the commits below, entry encoding changed, exposing the underflow to the pointer arithmetic in xdr_reserve_space(). Modern NFS clients attempt to retrieve as much data as possible for each READDIR request.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-47107"
},
{
"cve": "CVE-2021-47316",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfsd: NULL dereference in nfs3svc_encode_getaclres.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-47316"
},
{
"cve": "CVE-2022-38096",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-38096"
},
{
"cve": "CVE-2022-43945",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-43945"
},
{
"cve": "CVE-2022-48827",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "NFSD: vulnerability caused by loff_t overflow on the server when a client reads near the maximum offset, causing the server to return an EINVAL error, which the client retries indefinitely, instead of handling out-of-range READ requests by returning a short result with an EOF flag.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-48827"
},
{
"cve": "CVE-2022-48828",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSD: Vulnerability caused by an underflow in ia_size due to a mismatch between signed and unsigned 64-bit file size values, which can cause issues when handling large file sizes from NFS clients.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-48828"
},
{
"cve": "CVE-2022-48829",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "summary",
"text": "NFSD: Vulnerability handling large file sizes for NFSv3 improperly capping client size values larger than s64_max, leading to unexpected behavior and potential data corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-48829"
},
{
"cve": "CVE-2023-1652",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-1652"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-6121",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6121"
},
{
"cve": "CVE-2023-6129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.\r\n\r\nIf an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences.\r\n\r\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions.\r\n\r\nThe consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service.\r\n\r\nThe POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However\r\nwe are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6129"
},
{
"cve": "CVE-2023-6237",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Checking excessively long invalid RSA public keys may take a long time. Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the \u0027-pubin\u0027 and \u0027-check\u0027 options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6237"
},
{
"cve": "CVE-2023-6817",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6817"
},
{
"cve": "CVE-2023-6931",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6931"
},
{
"cve": "CVE-2023-6932",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6932"
},
{
"cve": "CVE-2023-28746",
"cwe": {
"id": "CWE-1342",
"name": "Information Exposure through Microarchitectural State after Transient Execution"
},
"notes": [
{
"category": "summary",
"text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-28746"
},
{
"cve": "CVE-2023-45898",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-45898"
},
{
"cve": "CVE-2023-47233",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-47233"
},
{
"cve": "CVE-2023-50781",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-50781"
},
{
"cve": "CVE-2023-52447",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Defer the free of inner map when necessary when updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put(), if the ref-counter is the last one (which is true for most cases), the inner map will be freed by ops-\u003emap_free() in a kworker. But for now, most .map_free() callbacks don\u0027t use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period, so after the invocation of ops-\u003emap_free completes, the bpf program which is accessing the inner map may incur use-after-free vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52447"
},
{
"cve": "CVE-2023-52458",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock: add check that partition length needs to be aligned with block size",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52458"
},
{
"cve": "CVE-2023-52614",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nPM / devfreq: Fix buffer overflow in trans_stat_show",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52614"
},
{
"cve": "CVE-2023-52620",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: disallow timeout for anonymous sets\r\n\r\nNever used from userspace, disallow these parameters.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52620"
},
{
"cve": "CVE-2024-0584",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-0584"
},
{
"cve": "CVE-2024-0727",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Use of the low-level GF(2m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we\u0027re aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2m)) curves that can\u0027t represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-22099",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-22099"
},
{
"cve": "CVE-2024-23307",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-23307"
},
{
"cve": "CVE-2024-23848",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-23848"
},
{
"cve": "CVE-2024-24857",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the Linux kernel\u0027s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-24857"
},
{
"cve": "CVE-2024-24858",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the Linux kernel\u0027s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-24858"
},
{
"cve": "CVE-2024-24859",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the Linux kernel\u0027s net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-24859"
},
{
"cve": "CVE-2024-25739",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi-\u003eleb_size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-25739"
},
{
"cve": "CVE-2024-26629",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "summary",
"text": "nfsd: The test on so_count in nfsd4_release_lockowner() is potentially harmful. It can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux NFS client it can cause incorrect behaviour.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26629"
},
{
"cve": "CVE-2024-26642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: disallow anonymous set with timeout flag",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26642"
},
{
"cve": "CVE-2024-26643",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26643"
},
{
"cve": "CVE-2024-26651",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "sr9800: Local Denial of Service Vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26651"
},
{
"cve": "CVE-2024-26659",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "xhci: isoc Babble and Buffer Overrun events are not handled properly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26659"
},
{
"cve": "CVE-2024-26787",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mmc: mmci: stm32: Fixed issue with overlapping mappings in the DMA API.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26787"
},
{
"cve": "CVE-2024-26810",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvfio/pci: Lock external INTx masking ops",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26812",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvfio/pci: Create persistent INTx handler",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26812"
},
{
"cve": "CVE-2024-26816",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"notes": [
{
"category": "summary",
"text": "x86, relocs: relocations in .notes section. When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the \"startup_xen\" entry point.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26816"
},
{
"cve": "CVE-2024-26820",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26820"
},
{
"cve": "CVE-2024-26851",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: nf_conntrack_h323: Add protection for bmp length out of range.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26851"
},
{
"cve": "CVE-2024-26852",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/ipv6: possible UAF in ip6_route_mpath_notify().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26852"
},
{
"cve": "CVE-2024-26855",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26855"
},
{
"cve": "CVE-2024-26859",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/bnx2x: Race condition leading to system crash during EEH error handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26859"
},
{
"cve": "CVE-2024-26861",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wireguard: receive: data-race around receiving_counter.counter.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26861"
},
{
"cve": "CVE-2024-26863",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26863"
},
{
"cve": "CVE-2024-26870",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26870"
},
{
"cve": "CVE-2024-26872",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "RDMA/srpt: use-after-free Write in srpt_refresh_port().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26872"
},
{
"cve": "CVE-2024-26875",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: pvrusb2: fix uaf in pvr2_context_set_notify.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26875"
},
{
"cve": "CVE-2024-26877",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "crypto: xilinx - call finalize with bh disabled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26877"
},
{
"cve": "CVE-2024-26878",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26878"
},
{
"cve": "CVE-2024-26880",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26880"
},
{
"cve": "CVE-2024-26882",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26882"
},
{
"cve": "CVE-2024-26883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Fix stackmap overflow check on 32-bit arches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26883"
},
{
"cve": "CVE-2024-26884",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Fix hashtab overflow check on 32-bit arches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26884"
},
{
"cve": "CVE-2024-26885",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix DEVMAP_HASH overflow check on 32-bit arches\r\n\r\nThe devmap code allocates a number hash buckets equal to the next power\r\nof two of the max_entries value provided when creating the map. When\r\nrounding up to the next power of two, the 32-bit variable storing the\r\nnumber of buckets can overflow, and the code checks for overflow by\r\nchecking if the truncated 32-bit value is equal to 0. However, on 32-bit\r\narches the rounding up itself can overflow mid-way through, because it\r\nends up doing a left-shift of 32 bits on an unsigned long value. If the\r\nsize of an unsigned long is four bytes, this is undefined behaviour, so\r\nthere is no guarantee that we\u0027ll end up with a nice and tidy 0-value at\r\nthe end.\r\n\r\nSyzbot managed to turn this into a crash on arm32 by creating a\r\nDEVMAP_HASH with max_entries \u003e 0x80000000 and then trying to update it.\r\nFix this by moving the overflow check to before the rounding up\r\noperation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26885"
},
{
"cve": "CVE-2024-26889",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: hci_core: Fix possible buffer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26889"
},
{
"cve": "CVE-2024-26891",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "iommu/vt-d: Don\u0027t issue ATS Invalidation request when device is disconnected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26891"
},
{
"cve": "CVE-2024-26894",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26894"
},
{
"cve": "CVE-2024-26895",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26895"
},
{
"cve": "CVE-2024-26897",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26897"
},
{
"cve": "CVE-2024-26898",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26898"
},
{
"cve": "CVE-2024-26901",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26901"
},
{
"cve": "CVE-2024-26903",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: rfcomm: Fixed null-ptr-deref in rfcomm_check_security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26903"
},
{
"cve": "CVE-2024-26906",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26906"
},
{
"cve": "CVE-2024-26907",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "RDMA/mlx5: Fixed fortify source warning while accessing Eth segment.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26907"
},
{
"cve": "CVE-2024-26920",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntracing/trigger: Fix to return error if failed to alloc snapshot",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26920"
},
{
"cve": "CVE-2024-26923",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26923"
},
{
"cve": "CVE-2024-26925",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26925"
},
{
"cve": "CVE-2024-26934",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nUSB: core: Fix deadlock in usb_deauthorize_interface()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26934"
},
{
"cve": "CVE-2024-26935",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: core: Fix unremoved procfs host directory regression",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26935"
},
{
"cve": "CVE-2024-26937",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/i915/gt: Reset queue_priority_hint on parking",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26937"
},
{
"cve": "CVE-2024-26950",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwireguard: netlink: access device through ctx instead of peer",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26950"
},
{
"cve": "CVE-2024-26951",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwireguard: netlink: check for dangling peer via is_dead instead of empty list",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26951"
},
{
"cve": "CVE-2024-26958",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfs: fix UAF in direct writes",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26958"
},
{
"cve": "CVE-2024-26960",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmm: swap: fix race between free_swap_and_cache() and swapoff()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26960"
},
{
"cve": "CVE-2024-26961",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmac802154: fix llsec key resources release in mac802154_llsec_key_del",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26961"
},
{
"cve": "CVE-2024-26973",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26973"
},
{
"cve": "CVE-2024-26974",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: qat - resolve race condition during AER recovery",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26974"
},
{
"cve": "CVE-2024-26982",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\nSquashfs: check the inode number is not the invalid value of zero",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26982"
},
{
"cve": "CVE-2024-26988",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ninit/main.c: Fix potential static_command_line memory overflow",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26988"
},
{
"cve": "CVE-2024-26993",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26993"
},
{
"cve": "CVE-2024-27004",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclk: Get runtime PM before walking tree during disable_unused",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27004"
},
{
"cve": "CVE-2024-27013",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntun: limit printing rate when illegal packet received by tun dev\r\n\r\nvhost_worker will call tun call backs to receive packets. If too many\r\nillegal packets arrives, tun_do_read will keep dumping packet contents.\r\nWhen console is enabled, it will costs much more cpu time to dump\r\npacket and soft lockup will be detected.\r\n\r\nnet_ratelimit mechanism can be used to limit the dumping rate.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27013"
},
{
"cve": "CVE-2024-27020",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in nft_expr_type_get().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27020"
},
{
"cve": "CVE-2024-27024",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Linux kernel: net/rds: WARNING in rds_conn_connect_if_down If connection isn\u0027t established yet, get_mr() will fail, trigger connection after get_mr().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27024"
},
{
"cve": "CVE-2024-27025",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27025"
},
{
"cve": "CVE-2024-27038",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: clk: clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() can return NULL which is dereferenced by clk_core_get() at hw-\u003ecore. Prior to commit dde4eff47c82 (\"clk: Look for parents with clkdev based clk_lookups\") the check IS_ERR_OR_NULL() was performed which would have caught the NULL. Reading the description of this function it talks about returning NULL but that cannot be so at the moment. Update the function to check for hw before dereferencing it and return NULL if hw is NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27038"
},
{
"cve": "CVE-2024-27047",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerablity in Linux kernel: net: phy: phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to \"unable to handle kernel NULL pointer dereference at virtual address 0\".",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27047"
},
{
"cve": "CVE-2024-27052",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27052"
},
{
"cve": "CVE-2024-27053",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Linux kernel: wifi: wilc1000: RCU usage in connect path",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27053"
},
{
"cve": "CVE-2024-27059",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usb-storage: Prevent divide-by-0 error in isd200_ata_command\n\nThe isd200 sub-driver in usb-storage uses the HEADS and SECTORS values\nin the ATA ID information to calculate cylinder and head values when\ncreating a CDB for READ or WRITE commands. The calculation involves\ndivision and modulus operations, which will cause a crash if either of\nthese values is 0. While this never happens with a genuine device, it\ncould happen with a flawed or subversive emulation, as reported by the\nsyzbot fuzzer.\n\nProtect against this possibility by refusing to bind to the device if\neither the ATA_ID_HEADS or ATA_ID_SECTORS value in the device\u0027s ID\ninformation is 0. This requires isd200_Initialization() to return a\nnegative error code when initialization fails; currently it always\nreturns 0 (even when there is an error).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27059"
},
{
"cve": "CVE-2024-27065",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27065"
},
{
"cve": "CVE-2024-27072",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: usbtv: Remove useless locks in usbtv_video_free()\r\n\r\nRemove locks calls in usbtv_video_free() because\r\nare useless and may led to a deadlock as reported here:\r\nhttps://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000\r\nAlso remove usbtv_stop() call since it will be called when\r\nunregistering the device.\r\n\r\nBefore \u0027c838530d230b\u0027 this issue would only be noticed if you\r\ndisconnect while streaming and now it is noticeable even when\r\ndisconnecting while not streaming.\r\n\r\n\r\n[hverkuil: fix minor spelling mistake in log message]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27072"
},
{
"cve": "CVE-2024-27076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Linux kernel: media: imx: csc/scaler: v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27076"
},
{
"cve": "CVE-2024-27077",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: media: v4l2-mem2mem: a memleak in v4l2_m2m_register_entity The entity-\u003ename (i.e. name) is allocated in v4l2_m2m_register_entity but isn\u0027t freed in its following error-handling paths. This patch adds such deallocation to prevent memleak of entity-\u003ename.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27077"
},
{
"cve": "CVE-2024-27078",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: media: v4l2-tpg: some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is called only when tpg_alloc return 0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27078"
},
{
"cve": "CVE-2024-27395",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix Use-After-Free in ovs_ct_exit\n\nSince kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof ovs_ct_limit_exit, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27395"
},
{
"cve": "CVE-2024-27396",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27396"
},
{
"cve": "CVE-2024-27397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: use timestamp to check for set element timeout\r\n\r\nAdd a timestamp field at the beginning of the transaction, store it\r\nin the nftables per-netns area.\r\n\r\nUpdate set backend .insert, .deactivate and sync gc path to use the\r\ntimestamp, this avoids that an element expires while control plane\r\ntransaction is still unfinished.\r\n\r\n.lookup and .update, which are used from packet path, still use the\r\ncurrent time to check if the element has expired. And .get path and dump\r\nalso since this runs lockless under rcu read size lock. Then, there is\r\nasync gc which also needs to check the current time since it runs\r\nasynchronously from a workqueue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27397"
},
{
"cve": "CVE-2024-27419",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netrom: data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27419"
},
{
"cve": "CVE-2024-27431",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don\u0027t initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md-\u003erx_queue_index value for XDP programs running in a cpumap. This means we\u0027re basically returning the contents of the uninitialised memory, which is bad. Fix this by zero-initialising the rxq data structure before running the XDP program.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27431"
},
{
"cve": "CVE-2024-27436",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27436"
},
{
"cve": "CVE-2024-27437",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Disable auto-enable of exclusive INTx IRQ\n\nCurrently for devices requiring masking at the irqchip for INTx, ie.\ndevices without DisINTx support, the IRQ is enabled in request_irq()\nand subsequently disabled as necessary to align with the masked status\nflag. This presents a window where the interrupt could fire between\nthese events, resulting in the IRQ incrementing the disable depth twice.\nThis would be unrecoverable for a user since the masked flag prevents\nnested enables through vfio.\n\nInstead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx\nis never auto-enabled, then unmask as required.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27437"
},
{
"cve": "CVE-2024-33621",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-\u003esk in ipvlan_process_v4 / 6_outbound.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-33621"
},
{
"cve": "CVE-2024-33847",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "f2fs: compress: Released compress inode f2fs image may be corrupted. The reason is partial truncation assume compressed inode has reserved blocks, after partial truncation, valid block count may change w/o .i_blocks and .total_valid_block_count update, resulting in corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-33847"
},
{
"cve": "CVE-2024-34027",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "f2fs: compress: filesystem metadata including blkaddr in dnode, inode fields and .total_valid_block_count may be corrupted after SPO case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-34027"
},
{
"cve": "CVE-2024-35789",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes\r\n\r\nWhen moving a station out of a VLAN and deleting the VLAN afterwards, the\r\nfast_rx entry still holds a pointer to the VLAN\u0027s netdev, which can cause\r\nuse-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx\r\nafter the VLAN change.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35789"
},
{
"cve": "CVE-2024-35805",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndm snapshot: fix lockup in dm_exception_table_exit\r\n\r\nThere was reported lockup when we exit a snapshot with many exceptions.\r\nFix this by adding \"cond_resched\" to the loop that frees the exceptions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35805"
},
{
"cve": "CVE-2024-35807",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35807"
},
{
"cve": "CVE-2024-35811",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35811"
},
{
"cve": "CVE-2024-35813",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmmc: core: Avoid negative index with array access\r\n\r\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\r\nprev_idata = idatas[i - 1], but doesn\u0027t check that the iterator i is\r\ngreater than zero. Let\u0027s fix this by adding a check.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35813"
},
{
"cve": "CVE-2024-35815",
"cwe": {
"id": "CWE-237",
"name": "Improper Handling of Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion\r\n\r\nThe first kiocb_set_cancel_fn() argument may point at a struct kiocb\r\nthat is not embedded inside struct aio_kiocb. With the current code,\r\ndepending on the compiler, the req-\u003eki_ctx read happens either before\r\nthe IOCB_AIO_RW test or after that test. Move the req-\u003eki_ctx read such\r\nthat it is guaranteed that the IOCB_AIO_RW test happens first.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35815"
},
{
"cve": "CVE-2024-35823",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvt: fix unicode buffer corruption when deleting characters\r\n\r\nThis is the same issue that was fixed for the VGA text buffer in commit\r\n39cdb68c64d8 (\"vt: fix memory overlapping when deleting chars in the\r\nbuffer\"). The cure is also the same i.e. replace memcpy() with memmove()\r\ndue to the overlaping buffers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35823"
},
{
"cve": "CVE-2024-35828",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35828"
},
{
"cve": "CVE-2024-35845",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35845"
},
{
"cve": "CVE-2024-35849",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35849"
},
{
"cve": "CVE-2024-35877",
"cwe": {
"id": "CWE-237",
"name": "Improper Handling of Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nx86/mm/pat: fix VM_PAT handling in COW mappings\r\n\r\nPAT handling won\u0027t do the right thing in COW mappings: the first PTE (or,\r\nin fact, all PTEs) can be replaced during write faults to point at anon\r\nfolios. Reliably recovering the correct PFN and cachemode using\r\nfollow_phys() from PTEs will not work in COW mappings.\r\n\r\nUsing follow_phys(), we might just get the address+protection of the anon\r\nfolio (which is very wrong), or fail on swap/nonswap entries, failing\r\nfollow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and\r\ntrack_pfn_copy(), not properly calling free_pfn_range().\r\n\r\nIn free_pfn_range(), we either wouldn\u0027t call memtype_free() or would call\r\nit with the wrong range, possibly leaking memory.\r\n\r\nTo fix that, let\u0027s update follow_phys() to refuse returning anon folios,\r\nand fallback to using the stored PFN inside vma-\u003evm_pgoff for COW mappings\r\nif we run into that.\r\n\r\nWe will now properly handle untrack_pfn() with COW mappings, where we\r\ndon\u0027t need the cachemode. We\u0027ll have to fail fork()-\u003etrack_pfn_copy() if\r\nthe first page was replaced by an anon folio, though: we\u0027d have to store\r\nthe cachemode in the VMA to make this work, likely growing the VMA size.\r\n\r\nFor now, lets keep it simple and let track_pfn_copy() just fail in that\r\ncase: it would have failed in the past with swap/nonswap entries already,\r\nand it would have done the wrong thing with anon folios.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35877"
},
{
"cve": "CVE-2024-35884",
"cwe": {
"id": "CWE-923",
"name": "Improper Restriction of Communication Channel to Intended Endpoints"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nudp: do not accept non-tunnel GSO skbs landing in a tunnel\r\n\r\nWhen rx-udp-gro-forwarding is enabled UDP packets might be GROed when\r\nbeing forwarded. If such packets might land in a tunnel this can cause\r\nvarious issues and udp_gro_receive makes sure this isn\u0027t the case by\r\nlooking for a matching socket. This is performed in\r\nudp4/6_gro_lookup_skb but only in the current netns. This is an issue\r\nwith tunneled packets when the endpoint is in another netns. In such\r\ncases the packets will be GROed at the UDP level, which leads to various\r\nissues later on. The same thing can happen with rx-gro-list.\r\n\r\nWe saw this with geneve packets being GROed at the UDP level. In such\r\ncase gso_size is set; later the packet goes through the geneve rx path,\r\nthe geneve header is pulled, the offset are adjusted and frag_list skbs\r\nare not adjusted with regard to geneve. When those skbs hit\r\nskb_fragment, it will misbehave. Different outcomes are possible\r\ndepending on what the GROed skbs look like; from corrupted packets to\r\nkernel crashes.\r\n\r\nOne example is a BUG_ON[1] triggered in skb_segment while processing the\r\nfrag_list. Because gso_size is wrong (geneve header was pulled)\r\nskb_segment thinks there is \"geneve header size\" of data in frag_list,\r\nalthough it\u0027s in fact the next packet. The BUG_ON itself has nothing to\r\ndo with the issue. This is only one of the potential issues.\r\n\r\nLooking up for a matching socket in udp_gro_receive is fragile: the\r\nlookup could be extended to all netns (not speaking about performances)\r\nbut nothing prevents those packets from being modified in between and we\r\ncould still not find a matching socket. It\u0027s OK to keep the current\r\nlogic there as it should cover most cases but we also need to make sure\r\nwe handle tunnel packets being GROed too early.\r\n\r\nThis is done by extending the checks in udp_unexpected_gso: GSO packets\r\nlacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must\r\nbe segmented.\r\n\r\n[1] kernel BUG at net/core/skbuff.c:4408!\r\n RIP: 0010:skb_segment+0xd2a/0xf70\r\n __udp_gso_segment+0xaa/0x560",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35884"
},
{
"cve": "CVE-2024-35886",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv6: Fix infinite recursion in fib6_dump_done().\r\n\r\nsyzkaller reported infinite recursive calls of fib6_dump_done() during\r\nnetlink socket destruction.\r\n\r\nFrom the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then\r\nthe response was generated. The following recvmmsg() resumed the dump\r\nfor IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due\r\nto the fault injection.\r\n\r\n 12:01:34 executing program 3:\r\n r0 = socket$nl_route(0x10, 0x3, 0x0)\r\n sendmsg$nl_route(r0, ... snip ...)\r\n recvmmsg(r0, ... snip ...) (fail_nth: 8)\r\n\r\nHere, fib6_dump_done() was set to nlk_sk(sk)-\u003ecb.done, and the next call\r\nof inet6_dump_fib() set it to nlk_sk(sk)-\u003ecb.args[3]. syzkaller stopped\r\nreceiving the response halfway through, and finally netlink_sock_destruct()\r\ncalled nlk_sk(sk)-\u003ecb.done().\r\n\r\nfib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)-\u003ecb.done() if it\r\nis still not NULL. fib6_dump_end() rewrites nlk_sk(sk)-\u003ecb.done() by\r\nnlk_sk(sk)-\u003ecb.args[3], but it has the same function, not NULL, calling\r\nitself recursively and hitting the stack guard page.\r\n\r\nTo avoid the issue, let\u0027s set the destructor after kzalloc().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35886"
},
{
"cve": "CVE-2024-35888",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspan_base_hdr is present in skb-\u003ehead.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35888"
},
{
"cve": "CVE-2024-35893",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: act_skbmod: prevent kernel-infoleak\r\n\r\nsyzbot found that tcf_skbmod_dump() was copying four bytes\r\nfrom kernel stack to user space.\r\n\r\nThe issue here is that \u0027struct tc_skbmod\u0027 has a four bytes hole.\r\n\r\nWe need to clear the structure before filling fields.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35893"
},
{
"cve": "CVE-2024-35895",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Prevent lock inversion deadlock in map delete elem\n\nsyzkaller started using corpuses where a BPF tracing program deletes\nelements from a sockmap/sockhash map. Because BPF tracing programs can be\ninvoked from any interrupt context, locks taken during a map_delete_elem\noperation must be hardirq-safe. Otherwise a deadlock due to lock inversion\nis possible, as reported by lockdep:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026htab-\u003ebuckets[i].lock);\n local_irq_disable();\n lock(\u0026host-\u003elock);\n lock(\u0026htab-\u003ebuckets[i].lock);\n \u003cInterrupt\u003e\n lock(\u0026host-\u003elock);\n\nLocks in sockmap are hardirq-unsafe by design. We expects elements to be\ndeleted from sockmap/sockhash only in task (normal) context with interrupts\nenabled, or in softirq context.\n\nDetect when map_delete_elem operation is invoked from a context which is\n_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an\nerror.\n\nNote that map updates are not affected by this issue. BPF verifier does not\nallow updating sockmap/sockhash from a BPF tracing program today.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35895"
},
{
"cve": "CVE-2024-35896",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: validate user input for expected length\r\n\r\nI got multiple syzbot reports showing old bugs exposed\r\nby BPF after commit 20f2505fb436 (\"bpf: Try to avoid kzalloc\r\nin cgroup/{s,g}etsockopt\")\r\n\r\nsetsockopt() @optlen argument should be taken into account\r\nbefore copying data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35896"
},
{
"cve": "CVE-2024-35897",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: discard table flag update with pending basechain deletion\r\n\r\nHook unregistration is deferred to the commit phase, same occurs with\r\nhook updates triggered by the table dormant flag. When both commands are\r\ncombined, this results in deleting a basechain while leaving its hook\r\nstill registered in the core.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35897"
},
{
"cve": "CVE-2024-35898",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()\r\n\r\nnft_unregister_flowtable_type() within nf_flow_inet_module_exit() can\r\nconcurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().\r\nAnd thhere is not any protection when iterate over nf_tables_flowtables\r\nlist in __nft_flowtable_type_get(). Therefore, there is pertential\r\ndata-race of nf_tables_flowtables list entry.\r\n\r\nUse list_for_each_entry_rcu() to iterate over nf_tables_flowtables list\r\nin __nft_flowtable_type_get(), and use rcu_read_lock() in the caller\r\nnft_flowtable_type_get() to protect the entire type query process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35898"
},
{
"cve": "CVE-2024-35899",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: flush pending destroy work before exit_net release\r\n\r\nSimilar to 2c9f0293280e (\"netfilter: nf_tables: flush pending destroy\r\nwork before netlink notifier\") to address a race between exit_net and\r\nthe destroy workqueue.\r\n\r\nThe trace below shows an element to be released via destroy workqueue\r\nwhile exit_net path (triggered via module removal) has already released\r\nthe set that is used in such transaction.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35899"
},
{
"cve": "CVE-2024-35900",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: reject new basechain after table flag update\r\n\r\nWhen dormant flag is toggled, hooks are disabled in the commit phase by\r\niterating over current chains in table (existing and new).\r\n\r\nThe following configuration allows for an inconsistent state:\r\n\r\n add table x\r\n add chain x y { type filter hook input priority 0; }\r\n add table x { flags dormant; }\r\n add chain x w { type filter hook input priority 1; }\r\n\r\nwhich triggers the following warning when trying to unregister chain w\r\nwhich is already unregistered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35900"
},
{
"cve": "CVE-2024-35902",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/rds: possible cp null dereference cp might be null, calling cp-\u003ecp_conn would produce null dereference. Cp is a parameter of __rds_rdma_map and is not reassigned.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35902"
},
{
"cve": "CVE-2024-35905",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35905"
},
{
"cve": "CVE-2024-35910",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more often, and could test a patch I wrote two years ago. When TCP sockets are closed, we call inet_csk_clear_xmit_timers() to \u0027stop\u0027 the timers. inet_csk_clear_xmit_timers() can be called from any context, including when socket lock is held. This is the reason it uses sk_stop_timer(), aka del_timer(). This means that ongoing timers might finish much later. For user sockets, this is fine because each running timer holds a reference on the socket, and the user socket holds a reference on the netns. For kernel sockets, we risk that the netns is freed before timer can complete, because kernel sockets do not hold reference on the netns. This patch adds inet_csk_clear_xmit_timers_sync() function that using sk_stop_timer_sync() to make sure all timers are terminated before the kernel socket is released. Modules using kernel sockets close them in their netns exit() handler. Also add sock_not_owned_by_me() helper to get LOCKDEP support : inet_csk_clear_xmit_timers_sync() must not be called while socket lock is held. It is very possible we can revert in the future commit 3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\") which attempted to solve the issue in rds only. (net/smc/af_smc.c and net/mptcp/subflow.c have similar code) We probably can remove the check_net() tests from tcp_out_of_resources() and __tcp_close() in the future.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-35915",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35915"
},
{
"cve": "CVE-2024-35922",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "fbmon: prevent division by zero in fb_videomode_from_videomode()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35922"
},
{
"cve": "CVE-2024-35925",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "block: prevent division by zero in blk_rq_stat_sum()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35925"
},
{
"cve": "CVE-2024-35930",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35930"
},
{
"cve": "CVE-2024-35933",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: btintel: Fix null ptr deref in btintel_read_version",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35933"
},
{
"cve": "CVE-2024-35934",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35934"
},
{
"cve": "CVE-2024-35935",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "btrfs: send: handle path ref underflow in header iterate_inode_ref()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35935"
},
{
"cve": "CVE-2024-35936",
"cwe": {
"id": "CWE-237",
"name": "Improper Handling of Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35936"
},
{
"cve": "CVE-2024-35940",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "pstore/zone: Add a null pointer check to the psz_kmsg_read",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35940"
},
{
"cve": "CVE-2024-35944",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35944"
},
{
"cve": "CVE-2024-35950",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "drm/client: Fully protect modes with dev-\u003emode_config.mutex",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35950"
},
{
"cve": "CVE-2024-35955",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "kprobes: Fix possible use-after-free issue on kprobe registration",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35955"
},
{
"cve": "CVE-2024-35958",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "net: ena: Fix incorrect descriptor free behavior",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35958"
},
{
"cve": "CVE-2024-35960",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "net/mlx5: Properly link new fs rules into the tree",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35960"
},
{
"cve": "CVE-2024-35962",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "netfilter: complete validation of user input",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35962"
},
{
"cve": "CVE-2024-35965",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: L2CAP: Fix not validating setsockopt user input\r\n\r\nCheck user input length before copying data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35965"
},
{
"cve": "CVE-2024-35966",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: RFCOMM: Fix not validating setsockopt user input",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35966"
},
{
"cve": "CVE-2024-35967",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: SCO: Fix not validating setsockopt user input",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35967"
},
{
"cve": "CVE-2024-35969",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35969"
},
{
"cve": "CVE-2024-35973",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "geneve: fix header validation in geneve_xmit_skb",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35973"
},
{
"cve": "CVE-2024-35976",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "xsk: validate user input for XDP_UMEM|COMPLETION_FILL_RING",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35976"
},
{
"cve": "CVE-2024-35978",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: Fix memory leak in hci_req_sync_complete()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35978"
},
{
"cve": "CVE-2024-35982",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "batman-adv: Avoid infinite loop trying to resize local TT",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35982"
},
{
"cve": "CVE-2024-35983",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35983"
},
{
"cve": "CVE-2024-35984",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "i2c: smbus: fix NULL function pointer dereference",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35984"
},
{
"cve": "CVE-2024-35988",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "riscv: Fix TASK_SIZE on 64-bit NOMMU. On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASK_SIZE is wrong if any RAM exists above 4G,\r\ncausing spurious failures in the userspace access routines.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35988"
},
{
"cve": "CVE-2024-35990",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "dma: xilinx_dpdma: Fix locking",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35990"
},
{
"cve": "CVE-2024-35996",
"cwe": {
"id": "CWE-655",
"name": "Insufficient Psychological Acceptability"
},
"notes": [
{
"category": "summary",
"text": "cpu: Re-enable CPU mitigations by default for !X86 architectures",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35996"
},
{
"cve": "CVE-2024-35997",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35997"
},
{
"cve": "CVE-2024-36004",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "i40e: Do not use WQ_MEM_RECLAIM flag for workqueue",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36004"
},
{
"cve": "CVE-2024-36005",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: nf_tables: honor table dormant flag from netdev release event path",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36005"
},
{
"cve": "CVE-2024-36006",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmlxsw: spectrum_acl_tcam: Fix incorrect list API usage",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36006"
},
{
"cve": "CVE-2024-36007",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmlxsw: spectrum_acl_tcam: Fix warning during rehash\r\n\r\nAs previously explained, the rehash delayed work migrates filters from\r\none region to another. This is done by iterating over all chunks (all\r\nthe filters with the same priority) in the region and in each chunk\r\niterating over all the filters.\r\n\r\nWhen the work runs out of credits it stores the current chunk and entry\r\nas markers in the per-work context so that it would know where to resume\r\nthe migration from the next time the work is scheduled.\r\n\r\nUpon error, the chunk marker is reset to NULL, but without resetting the\r\nentry markers despite being relative to it. This can result in migration\r\nbeing resumed from an entry that does not belong to the chunk being\r\nmigrated. In turn, this will eventually lead to a chunk being iterated\r\nover as if it is an entry. Because of how the two structures happen to\r\nbe defined, this does not lead to KASAN splats, but to warnings such as.\r\n\r\nFix by creating a helper that resets all the markers and call it from\r\nall the places the currently only reset the chunk marker. For good\r\nmeasures also call it when starting a completely new rehash. Add a\r\nwarning to avoid future cases.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36007"
},
{
"cve": "CVE-2024-36008",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv4: check for NULL idev in ip_route_use_hint()\r\n\r\nsyzbot was able to trigger a NULL deref in fib_validate_source()\r\nin an old tree.\r\n\r\nIt appears the bug exists in latest trees.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36008"
},
{
"cve": "CVE-2024-36020",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ni40e: fix vf may be used uninitialized in this function warning\r\n\r\nTo fix the regression introduced by commit 52424f974bc5, which causes\r\nservers hang in very hard to reproduce conditions with resets races.\r\nUsing two sources for the information is the root cause.\r\nIn this function before the fix bumping v didn\u0027t mean bumping vf\r\npointer. But the code used this variables interchangeably, so stale vf\r\ncould point to different/not intended vf.\r\n\r\nRemove redundant \"v\" variable and iterate via single VF pointer across\r\nwhole function instead to guarantee VF pointer validity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36020"
},
{
"cve": "CVE-2024-36270",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36270"
},
{
"cve": "CVE-2024-36286",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36286"
},
{
"cve": "CVE-2024-36288",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token-\u003epages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f].",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36288"
},
{
"cve": "CVE-2024-36484",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36484"
},
{
"cve": "CVE-2024-36489",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tls: missing memory barrier in tls_init. In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36489"
},
{
"cve": "CVE-2024-36894",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36894"
},
{
"cve": "CVE-2024-36899",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\r\n\r\nThe use-after-free issue occurs as follows: when the GPIO chip device file\r\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\r\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\r\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\r\nchip\u0027s lines is also in the release process and holds the notifier chain\u0027s\r\nread rwsem. Consequently, a race condition leads to the use-after-free of\r\nwatched_lines.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36899"
},
{
"cve": "CVE-2024-36902",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36902"
},
{
"cve": "CVE-2024-36904",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36904"
},
{
"cve": "CVE-2024-36905",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36905"
},
{
"cve": "CVE-2024-36916",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg-\u003edelay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long long\u0027) CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 Call Trace: \u003cIRQ\u003e dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250 ... Avoid that undefined behavior by simply taking the \"delay = 0\" branch if the shift is too large. I am not sure what the symptoms of an undefined value delay will be, but I suspect it could be more than a little annoying to debug.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36916"
},
{
"cve": "CVE-2024-36929",
"cwe": {
"id": "CWE-237",
"name": "Improper Handling of Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a crash on a potential later call to skb_gso_segment.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36929"
},
{
"cve": "CVE-2024-36939",
"cwe": {
"id": "CWE-391",
"name": "Unchecked Error Condition"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least the initial commit 1da177e4c3f4 (\"Linux-2.6.12-rc2\"). Recently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs in net namespaces\") converted the procfs to per-netns and made the problem more visible. Even when rpc_proc_register() fails, nfs_net_init() could succeed, and thus nfs_net_exit() will be called while destroying the netns. Then, remove_proc_entry() will be called for non-existing proc directory and trigger the warning below. Let\u0027s handle the error of rpc_proc_register() properly in nfs_net_init(). [0]: name \u0027nfs\u0027 WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711 Modules linked in: CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711 Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8 FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: \u003cTASK\u003e rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310 nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438 ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170 setup_net+0x46c/0x660 net/core/net_namespace.c:372 copy_net_ns+0x244/0x590 net/core/net_namespace.c:505 create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228 ksys_unshare+0x342/0x760 kernel/fork.c:3322 __do_sys_unshare kernel/fork.c:3393 [inline] __se_sys_unshare kernel/fork.c:3391 [inline] __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x46/0x4e RIP: 0033:0x7f30d0febe5d Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48 RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600 RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000 \u003c/TASK\u003e",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36939"
},
{
"cve": "CVE-2024-36940",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The \"pctldev\" struct is allocated in devm_pinctrl_register_and_init(). It\u0027s a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36940"
},
{
"cve": "CVE-2024-36959",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36959"
},
{
"cve": "CVE-2024-36974",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev-\u003enum_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36974"
},
{
"cve": "CVE-2024-36978",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: sched: sch_multiq: possible OOB write in multiq_tune() q-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic after kmalloc. So the old q-\u003ebands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36978"
},
{
"cve": "CVE-2024-37356",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcp_update_alpha().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-37356"
},
{
"cve": "CVE-2024-38381",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev-\u003erx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38381"
},
{
"cve": "CVE-2024-38547",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: atomisp: ssh_css: null-pointer dereference in load_video_binaries.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38547"
},
{
"cve": "CVE-2024-38552",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index \u0027i\u0027 exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the transfer function points. If \u0027i\u0027 is out of bounds, an error message is logged and the function returns false to indicate an error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38552"
},
{
"cve": "CVE-2024-38558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet. OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure with the metadata like conntrack state, input port, recirculation id, etc.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38558"
},
{
"cve": "CVE-2024-38559",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don\u0027t ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38559"
},
{
"cve": "CVE-2024-38560",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38560"
},
{
"cve": "CVE-2024-38565",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their according types intact. Sadly, this patch has not been tested on real hardware.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38565"
},
{
"cve": "CVE-2024-38567",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint, since it can switch types between bulk and interrupt, other endpoints are trusted implicitly. Similar warning is triggered in a couple of other syzbot issues [2].",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38567"
},
{
"cve": "CVE-2024-38578",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ecryptfs: Fix buffer size for tag 66 packet The \u0027TAG 66 Packet Format\u0027 description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 bytes too small and write_tag_66_packet() will write up to 3 bytes past the end of the buffer. Fix this by increasing the size of the allocation so the whole packet will always fit in the buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38578"
},
{
"cve": "CVE-2024-38579",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38579"
},
{
"cve": "CVE-2024-38587",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nspeakup: Fix sizeof() vs ARRAY_SIZE() bug\r\n\r\nThe \"buf\" pointer is an array of u16 values. This code should be\r\nusing ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512),\r\notherwise it can the still got out of bounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38587"
},
{
"cve": "CVE-2024-38589",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38589"
},
{
"cve": "CVE-2024-38596",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38596"
},
{
"cve": "CVE-2024-38598",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38598"
},
{
"cve": "CVE-2024-38599",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren\u0027t split into parts and spread across multiple eraseblocks, which means that a xattr node must not occupy more than one eraseblock. If the requested xattr value is too large, the xattr node can spill onto the next eraseblock, overwriting the nodes and causing errors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38599"
},
{
"cve": "CVE-2024-38612",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn\u0027t called. This issue exist since commit 46738b1317e1 (\"ipv6: sr: add option to control lwtunnel support\"), and commit 5559cea2d5aa (\"ipv6: sr: fix possible use-after-free and null-ptr-deref\") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38612"
},
{
"cve": "CVE-2024-38615",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "cpufreq: exit() callback is optional The exit() callback is optional and shouldn\u0027t be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn\u0027t present.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38615"
},
{
"cve": "CVE-2024-38619",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb-storage: alauda: Check whether the media is initialized. The member \"uzonesize\" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38619"
},
{
"cve": "CVE-2024-38635",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "soundwire: cadence: invalid PDI offset.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38635"
},
{
"cve": "CVE-2024-38659",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation using the policy is for the max size of the attributes and not on exact size so the length of these attributes might be less than the sizes that enic_set_vf_port expects. This might cause an out of bands read access in the memcpys of the data of these attributes in enic_set_vf_port.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38659"
},
{
"cve": "CVE-2024-38662",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Allow delete from sockmap/sockhash only if update is allowed. We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don\u0027t intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38662"
},
{
"cve": "CVE-2024-38780",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38780"
},
{
"cve": "CVE-2024-39468",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "smb: client: Deadlock in smb2_find_smb_tcon().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39468"
},
{
"cve": "CVE-2024-39482",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bcache: Variable length array abuse in btree_iter.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39482"
},
{
"cve": "CVE-2024-39489",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it\u0027s going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39489"
},
{
"cve": "CVE-2024-39493",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it\u0027s still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39493"
},
{
"cve": "CVE-2024-39502",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "ionic: use after netif_napi_del(). When queues are started, netif_napi_add() and napi_enable() are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues\u0027 napi should be registered and enabled. The ionic_qcq_enable() checks whether the .poll pointer is not NULL for enabling only the using queue\u0027 napi. Unused queues\u0027 napi will not be registered by netif_napi_add(), so the .poll pointer indicates NULL. But it couldn\u0027t distinguish whether the napi was unregistered or not because netif_napi_del() doesn\u0027t reset the .poll pointer to NULL. So, ionic_qcq_enable() calls napi_enable() for the queue, which was unregistered by netif_napi_del().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39502"
},
{
"cve": "CVE-2024-39503",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "netfilter: ipset: race between namespace cleanup and gc in the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads use after free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39503"
},
{
"cve": "CVE-2024-39509",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "HID: core: remove unnecessary WARN_ON() in implement(). There is a warning in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value \u0026= m; ... WARN_ON may be considered superfluous.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39509"
},
{
"cve": "CVE-2024-40905",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: possible race in __fib6_drop_pcpu_from().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40905"
},
{
"cve": "CVE-2024-40912",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: deadlock in ieee80211_sta_ps_deliver_wakeup().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40912"
},
{
"cve": "CVE-2024-40916",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40916"
},
{
"cve": "CVE-2024-40934",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40934"
},
{
"cve": "CVE-2024-40941",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "wifi: iwlwifi: mvm: don\u0027t read past the mfuart notifcation. In case the firmware sends a notification that claims it has more data than it has, it will read past that was allocated for the notification.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40941"
},
{
"cve": "CVE-2024-40942",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40942"
},
{
"cve": "CVE-2024-40945",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "summary",
"text": "iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn\u0027t cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40945"
},
{
"cve": "CVE-2024-40958",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40958"
},
{
"cve": "CVE-2024-40959",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40959"
},
{
"cve": "CVE-2024-40960",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40960"
},
{
"cve": "CVE-2024-40961",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40961"
},
{
"cve": "CVE-2024-40971",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40971"
},
{
"cve": "CVE-2024-40978",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: qedi: crash while reading debugfs attribute. The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40978"
},
{
"cve": "CVE-2024-40980",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-40984",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40984"
},
{
"cve": "CVE-2024-40993",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: ipset: suspicious rcu_dereference_protected().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40993"
},
{
"cve": "CVE-2024-40995",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/sched: act_api: possible infinite loop in tcf_idr_check_alloc().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40995"
},
{
"cve": "CVE-2024-41000",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41000"
},
{
"cve": "CVE-2024-41004",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock (get a reference) those event file reference in module init function, and unlock and delete it in module exit function. This is because those are designed for playing as modules. If we make those modules as built-in, those events are left locked in the kernel, and never be removed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41004"
},
{
"cve": "CVE-2024-41005",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "netpoll: race condition in netpoll_owner_active KCSAN detected a race condition in netpoll.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41006",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "netrom: a memory leak in nr_heartbeat_expiry().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41006"
},
{
"cve": "CVE-2024-41016",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\r\n\r\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space requested. It\u0027s better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41016"
},
{
"cve": "CVE-2024-41996",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41996"
},
{
"cve": "CVE-2024-42070",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42070"
},
{
"cve": "CVE-2024-42082",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "xdp: unused WARN() in __xdp_reg_mem_model().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42082"
},
{
"cve": "CVE-2024-42090",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "pinctrl: deadlock in create_pinctrl() when handling -EPROBE_DEFER. In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to a potential deadlock.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42090"
},
{
"cve": "CVE-2024-42093",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/dpaa2: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42093"
},
{
"cve": "CVE-2024-42094",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/iucv: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42094"
},
{
"cve": "CVE-2024-42096",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42096"
},
{
"cve": "CVE-2024-42097",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A missed validation vulnerability in the Linux Kernel\u0027s MIDI sequencer and router support functionality could allow a local user to crash the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42097"
},
{
"cve": "CVE-2024-42114",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42114"
},
{
"cve": "CVE-2024-42259",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\r\n\r\nCalculating the size of the mapped area as the lesser value\r\nbetween the requested size and the actual size does not consider\r\nthe partial mapping offset. This can cause page fault access.\r\n\r\nFix the calculation of the starting and ending addresses, the\r\ntotal size is now deduced from the difference between the end and\r\nstart addresses.\r\n\r\nAdditionally, the calculations have been rewritten in a clearer\r\nand more understandable form.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42259"
},
{
"cve": "CVE-2024-42265",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nprotect the fetch of -\u003efd[fd] in do_dup2() from mispredictions\r\n\r\nboth callers have verified that fd is not greater than -\u003emax_fds;\r\nhowever, misprediction might end up with\r\n tofree = fdt-\u003efd[fd];\r\nbeing speculatively executed. That\u0027s wrong for the same reasons\r\nwhy it\u0027s wrong in close_fd()/file_close_fd_locked(); the same\r\nsolution applies - array_index_nospec(fd, fdt-\u003emax_fds) could differ\r\nfrom fd only in case of speculative execution on mispredicted path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42265"
},
{
"cve": "CVE-2024-42272",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "sched: act_ct: take care of padding in struct zones_ht_key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42272"
},
{
"cve": "CVE-2024-42276",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnvme-pci: add missing condition check for existence of mapped data\r\n\r\nnvme_map_data() is called when request has physical segments, hence\r\nthe nvme_unmap_data() should have same condition to avoid dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42276"
},
{
"cve": "CVE-2024-42281",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix a segment issue when downgrading gso_size\r\n\r\nLinearize the skb when downgrading gso_size because it may trigger a\r\nBUG_ON() later when the skb is segmented as described in [1,2].",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42281"
},
{
"cve": "CVE-2024-42283",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n # ip nexthop add id 1 dev lo\n # ip nexthop add id 101 group 1\n # strace -e recvmsg ip nexthop get id 101\n ...\n recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42283"
},
{
"cve": "CVE-2024-42292",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nkobject_uevent: Fix OOB access within zap_modalias_env()\r\n\r\nzap_modalias_env() wrongly calculates size of memory block to move, so\r\nwill cause OOB memory access issue if variable MODALIAS is not the last\r\none within its @env parameter, fixed by correcting size to memmove.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42292"
},
{
"cve": "CVE-2024-42302",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred. To do so, it polls the\nconfig space of the first child device on the secondary bus. If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\u0027s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device. Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume. Holding a\nreference wasn\u0027t necessary back then because the pciehp IRQ thread\ncould never run concurrently. (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase. And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event. Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently. The commit was backported to v5.10+ stable\nkernels, so that\u0027s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n BUG: unable to handle page fault for address: 00000000091400c0\n CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n RIP: pci_bus_read_config_dword+0x17/0x50\n pci_dev_wait()\n pci_bridge_wait_for_secondary_bus()\n dpc_reset_link()\n pcie_do_recovery()\n dpc_handler()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42302"
},
{
"cve": "CVE-2024-42304",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: make sure the first directory block is not a hole",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42304"
},
{
"cve": "CVE-2024-42305",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: check dot and dotdot of dx_root before making dir indexed",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42305"
},
{
"cve": "CVE-2024-42306",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nudf: Avoid using corrupted block bitmap buffer",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42306"
},
{
"cve": "CVE-2024-42312",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsysctl: always initialize i_uid/i_gid\r\n\r\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\r\ncan safely skip setting them.\r\n\r\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\r\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\r\nset_ownership() was not implemented. It also missed adjusting\r\nnet_ctl_set_ownership() to use the same default values in case the\r\ncomputation of a better value failed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42312"
},
{
"cve": "CVE-2024-43828",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct. ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the \u0027es\u0027 variable.\n\nBecause \u0027es\u0027 contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43828"
},
{
"cve": "CVE-2024-43830",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nleds: trigger: Unregister sysfs attributes before calling deactivate()\r\n\r\nTriggers which have trigger specific sysfs attributes typically store\r\nrelated data in trigger-data allocated by the activate() callback and\r\nfreed by the deactivate() callback.\r\n\r\nCalling device_remove_groups() after calling deactivate() leaves a window\r\nwhere the sysfs attributes show/store functions could be called after\r\ndeactivation and then operate on the just freed trigger-data.\r\n\r\nMove the device_remove_groups() call to before deactivate() to close\r\nthis race window.\r\n\r\nThis also makes the deactivation path properly do things in reverse order\r\nof the activation path which calls the activate() callback before calling\r\ndevice_add_groups().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43830"
},
{
"cve": "CVE-2024-43834",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nxdp: fix invalid wait context of page_pool_destroy()\r\n\r\nIf the driver uses a page pool, it creates a page pool with\r\npage_pool_create().\r\nThe reference count of page pool is 1 as default.\r\nA page pool will be destroyed only when a reference count reaches 0.\r\npage_pool_destroy() is used to destroy page pool, it decreases a\r\nreference count.\r\nWhen a page pool is destroyed, -\u003edisconnect() is called, which is\r\nmem_allocator_disconnect().\r\nThis function internally acquires mutex_lock().\r\n\r\nIf the driver uses XDP, it registers a memory model with\r\nxdp_rxq_info_reg_mem_model().\r\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\r\nreference count if a memory model is a page pool.\r\nNow the reference count is 2.\r\n\r\nTo destroy a page pool, the driver should call both page_pool_destroy()\r\nand xdp_unreg_mem_model().\r\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\r\nOnly page_pool_destroy() decreases a reference count.\r\n\r\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\r\nwill face an invalid wait context warning.\r\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\r\nrcu_read_lock().\r\nThe page_pool_destroy() internally acquires mutex_lock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43834"
},
{
"cve": "CVE-2024-43856",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43856"
},
{
"cve": "CVE-2024-43858",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix array-index-out-of-bounds in diFree",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43858"
},
{
"cve": "CVE-2024-43871",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43871"
},
{
"cve": "CVE-2024-43879",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: cfg80211: Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to warning.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43879"
},
{
"cve": "CVE-2024-43882",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "exec: the execution may gain unintended privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43882"
},
{
"cve": "CVE-2024-43889",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "padata: vulnerability due to a possible divide-by-zero error in padata_mt_helper() during bootup, caused by an uninitialized chunk_size being zero.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43889"
},
{
"cve": "CVE-2024-43890",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tracing: vulnerability due to an overflow in get_free_elt(), which could lead to infinite loops and CPU hangs when the tracing map becomes full.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43890"
},
{
"cve": "CVE-2024-43893",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "serial: core: vulnerability due to a missing check for uartclk being zero, leading to a potential divide-by-zero error when calling ioctl TIOCSSERIAL with an invalid baud_base.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43893"
},
{
"cve": "CVE-2024-44935",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "sctp: Fix null-ptr-deref in reuseport_add_sock(). A Null Pointer Dereference in reuseport_add_sock() while accessing sk2-\u003esk_reuseport_cb . The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the same port and concurrently closes the first listener. The second listen() calls reuseport_add_sock() with the first listener as sk2, where sk2-\u003esk_reuseport_cb is not expected to be cleared concurrently, but the close() does clear it by reuseport_detach_sock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44935"
},
{
"cve": "CVE-2024-44944",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44944"
},
{
"cve": "CVE-2024-44948",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nx86/mtrr: Check if fixed MTRRs exist before saving them\r\n\r\nMTRRs have an obsolete fixed variant for fine grained caching control\r\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\r\na separate capability bit in the MTRR capability MSR.\r\n\r\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\r\nwent unnoticed that mtrr_save_state() does not check the capability bit\r\nbefore accessing the fixed MTRR MSRs.\r\n\r\nThough on a CPU that does not support the fixed MTRR capability this\r\nresults in a #GP. The #GP itself is harmless because the RDMSR fault is\r\nhandled gracefully, but results in a WARN_ON().\r\n\r\nAdd the missing capability check to prevent this.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44948"
},
{
"cve": "CVE-2024-44960",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: gadget: core: Check for unset descriptor. It needs to be reassured that the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn\u0027t properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44960"
},
{
"cve": "CVE-2024-44987",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44987"
},
{
"cve": "CVE-2024-44989",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44989"
},
{
"cve": "CVE-2024-44990",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44990"
},
{
"cve": "CVE-2024-45016",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-45016"
},
{
"cve": "CVE-2024-45018",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-45018"
},
{
"cve": "CVE-2024-46679",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46679"
},
{
"cve": "CVE-2024-46743",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46743"
},
{
"cve": "CVE-2024-46744",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46744"
},
{
"cve": "CVE-2024-46745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46745"
},
{
"cve": "CVE-2024-46750",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46750"
},
{
"cve": "CVE-2024-46759",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46759"
},
{
"cve": "CVE-2024-46783",
"cwe": {
"id": "CWE-229",
"name": "Improper Handling of Values"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46783"
},
{
"cve": "CVE-2024-46854",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: dpaa: Pad packets to ETH_ZLEN\r\n\r\nWhen sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running\r\n\r\n\t$ ping -s 11 destination",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46854"
},
{
"cve": "CVE-2024-46865",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfou: fix initialization of grc\r\nThe grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46865"
},
{
"cve": "CVE-2024-47660",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode-\u003ei_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races with __fsnotify_update_child_dentry_flags() calls from __fsnotify_parent() happening on children. This can lead upto softlockup reports reported by users. Fix the problem by calling fsnotify_update_children_dentry_flags() to set PARENT_WATCHED flags only when parent starts watching children. When parent stops watching children, clear false positive PARENT_WATCHED flags lazily in __fsnotify_parent() for each accessed child.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47660"
},
{
"cve": "CVE-2024-47672",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: iwlwifi: mvm: don\u0027t wait for tx queues if firmware is dead\r\n\r\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was recently converted from just a message), that can be hit if we wait for TX queues to become empty after firmware died. Clearly, we can\u0027t expect anything from the firmware after it\u0027s declared dead.\r\n\r\nDon\u0027t call iwl_trans_wait_tx_queues_empty() in this case. While it could be a good idea to stop the flow earlier, the flush functions do some maintenance work that is not related to the firmware, so keep that part of the code running even when the firmware is not running.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47672"
},
{
"cve": "CVE-2024-47684",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: check skb is non-NULL in tcp_rto_delta_us()\r\n\r\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\r\nkernel that are running ceph and recently hit a null ptr dereference in\r\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\r\nsaw it getting hit from the RACK case as well. Here are examples of the oops\r\nmessages we saw in each of those cases:\r\n\r\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\r\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\r\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\r\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\r\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\r\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\r\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\r\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\r\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\r\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\r\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\r\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\r\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\r\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\r\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\r\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\r\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\r\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\r\nJul 26 15:05:02 rx [11061395.919488]\r\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\r\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\r\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\r\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\r\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\r\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\r\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\r\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\r\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\r\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\r\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\r\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\r\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\r\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\r\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\r\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\r\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\r\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\r\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\r\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\r\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47684"
},
{
"cve": "CVE-2024-47685",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\r\n\r\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th-\u003eres1)\r\n\r\nUse skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put()\r\n\r\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\r\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\r\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\r\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\r\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\r\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\r\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\r\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\r\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\r\n nf_hook include/linux/netfilter.h:269 [inline]\r\n NF_HOOK include/linux/netfilter.h:312 [inline]\r\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\r\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\r\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\r\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\r\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\r\n napi_poll net/core/dev.c:6841 [inline]\r\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\r\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\r\n __do_softirq+0x14/0x1a kernel/softirq.c:588\r\n do_softirq+0x9a/0x100 kernel/softirq.c:455\r\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\r\n local_bh_enable include/linux/bottom_half.h:33 [inline]\r\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\r\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\r\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\r\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\r\n neigh_output include/net/neighbour.h:542 [inline]\r\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\r\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\r\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\r\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\r\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\r\n dst_output include/net/dst.h:450 [inline]\r\n NF_HOOK include/linux/netfilter.h:314 [inline]\r\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\r\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\r\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\r\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\r\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\r\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\r\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\r\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\r\n __sys_connect_file net/socket.c:2061 [inline]\r\n __sys_connect+0x606/0x690 net/socket.c:2078\r\n __do_sys_connect net/socket.c:2088 [inline]\r\n __se_sys_connect net/socket.c:2085 [inline]\r\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\r\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was stored to memory at:\r\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\r\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\r\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\r\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\r\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\r\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\r\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\r\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\r\n nf_hook include/linux/netfilter.h:269 [inline]\r\n NF_HOOK include/linux/netfilter.h:312 [inline]\r\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\r\n __netif_receive_skb_one_core\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47685"
},
{
"cve": "CVE-2024-47692",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfsd: return -EINVAL when namelen is 0\r\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR.\r\nWhen we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered.\r\n\r\n[ T1205] ==================================================================\r\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\r\n[ T1205]\r\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\r\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\r\n[ T1205] Call Trace:\r\n[ T1205] dump_stack+0x9a/0xd0\r\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] __kasan_report.cold+0x34/0x84\r\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] kasan_report+0x3a/0x50\r\n[ T1205] nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] ? nfsd4_release_lockowner+0x410/0x410\r\n[ T1205] cld_pipe_downcall+0x5ca/0x760\r\n[ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\r\n[ T1205] ? down_write_killable_nested+0x170/0x170\r\n[ T1205] ? avc_policy_seqno+0x28/0x40\r\n[ T1205] ? selinux_file_permission+0x1b4/0x1e0\r\n[ T1205] rpc_pipe_write+0x84/0xb0\r\n[ T1205] vfs_write+0x143/0x520\r\n[ T1205] ksys_write+0xc9/0x170\r\n[ T1205] ? __ia32_sys_read+0x50/0x50\r\n[ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110\r\n[ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110\r\n[ T1205] do_syscall_64+0x33/0x40\r\n[ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1\r\n[ T1205] RIP: 0033:0x7fdbdb761bc7\r\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 514\r\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\r\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\r\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\r\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\r\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\r\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\r\n[ T1205] ==================================================================",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47692"
},
{
"cve": "CVE-2024-47696",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\r\n\r\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to destroying CM IDs\"), the function flush_workqueue is invoked to flush the work queue iwcm_wq.\r\n\r\nBut at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\r\n\r\nBecause the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn\u0027t have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47696"
},
{
"cve": "CVE-2024-47697",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\r\n\r\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent out-of-bounds access.\r\n\r\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should only operate on indices from 0 to 31. If index is 32, it will attempt to access a non-existent 33rd bit, leading to out-of-bounds access.\r\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47697"
},
{
"cve": "CVE-2024-47699",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\r\n\r\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\r\n\r\nThis series addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem images, including one recently discovered by syzbot.\r\n\r\n\r\nThis patch (of 3):\r\n\r\nIf a b-tree is broken on the device, and the b-tree height is greater than 2 (the level of the root node is greater than 1) even if the number of child nodes of the b-tree root is 0, a NULL pointer dereference occurs in nilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\r\n\r\nThis is because, when the number of child nodes of the b-tree root is 0, nilfs_btree_do_lookup() does not set the block buffer head in any of path[x].bp_bh, leaving it as the initial value of NULL, but if the level of the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(), which accesses the buffer memory of path[x].bp_bh, is called.\r\n\r\nFix this issue by adding a check to nilfs_btree_root_broken(), which performs sanity checks when reading the root node from the device, to detect this inconsistency.\r\n\r\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause early on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47699"
},
{
"cve": "CVE-2024-47701",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47705",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock: fix potential invalid pointer dereference in blk_add_partition\r\n\r\nThe blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific case of -ENXIO separately, allowing the function to proceed without logging the error in this case. However, this change unintentionally left a path where md_autodetect_dev() could be called without confirming that part is a valid pointer.\r\n\r\nThis commit separates the error handling logic by splitting the initial if-condition, improving code readability and handling specific error scenarios explicitly. The function now distinguishes the general error case from -ENXIO without altering the existing behavior of md_autodetect_dev() calls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47705"
},
{
"cve": "CVE-2024-47706",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock, bfq: fix possible UAF for bfqq-\u003ebic with merge chain\r\n\r\nIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then\r\nget bfqq3 through merge chain, and finially handle IO by bfqq3.\r\nHowerver, current code will think bfqq2 is owned by BIC1, like initial\r\nstate, and set bfqq2-\u003ebic to BIC1.\r\n\r\nAllocated by task 20776:\r\n kasan_save_stack+0x20/0x40 mm/kasan/common.c:45\r\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\r\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\r\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\r\n slab_post_alloc_hook mm/slab.h:763 [inline]\r\n slab_alloc_node mm/slub.c:3458 [inline]\r\n kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503\r\n ioc_create_icq block/blk-ioc.c:370 [inline]\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47706"
},
{
"cve": "CVE-2024-47707",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: A NULL dereference vulnerability may occur in rt6_uncached_list_flush_dev() due to the necessary check being removed by a previous commit.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47707"
},
{
"cve": "CVE-2024-47709",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "can: bcm: A warning is triggered when connect() is issued again for a socket whose connect()ed device has been unregistered. However, if the socket is just close()d without the 2nd connect(), the remaining bo-\u003ebcm_proc_read triggers unnecessary remove_proc_entry() in bcm_release().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47709"
},
{
"cve": "CVE-2024-47710",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "sock_map: vulnerability result of adding a cond_resched() in sock_hash_free() to prevent CPU soft lockups when destroying maps with a large number of buckets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47710"
},
{
"cve": "CVE-2024-47713",
"cwe": {
"id": "CWE-664",
"name": "Improper Control of a Resource Through its Lifetime"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: vulnerability caused by implementing a two-phase skb reclamation in ieee80211_do_stop() to avoid warnings and potential issues caused by calling __dev_queue_xmit() with interrupts disabled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47713"
},
{
"cve": "CVE-2024-47718",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "wifi: rtw88: vulnerability may lead to a use-after-free (UAF) error if firmware loading is not properly synchronized during USB initialization and disconnection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47718"
},
{
"cve": "CVE-2024-47723",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix out-of-bounds in dbNextAG() and diAlloc()\r\n\r\nIn dbNextAG() , there is no check for the case where bmp-\u003edb_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount().\r\n\r\nAnd in dbNextAG(), a check for the case where agpref is greater than bmp-\u003edb_numag should be added, so an out-of-bounds exception should be prevented.\r\n\r\nAdditionally, a check for the case where agno is greater or same than MAXAG should be added in diAlloc() to prevent out-of-bounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47723"
},
{
"cve": "CVE-2024-47735",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "RDMA/hns: missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was hold.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47735"
},
{
"cve": "CVE-2024-47737",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47737"
},
{
"cve": "CVE-2024-47747",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition. In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is started, there is a risk of a race condition if the module or device is removed, triggering the ether3_remove function to perform cleanup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47747"
},
{
"cve": "CVE-2024-49851",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49851"
},
{
"cve": "CVE-2024-49889",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: avoid use-after-free in ext4_ext_show_leaf()\r\n\r\nIn ext4_find_extent(), path may be freed by error or be reallocated, so\r\nusing a previously saved *ppath may have been freed and thus may trigger\r\nuse-after-free, as follows:\r\n\r\next4_split_extent\r\n path = *ppath;\r\n ext4_split_extent_at(ppath)\r\n path = ext4_find_extent(ppath)\r\n ext4_split_extent_at(ppath)\r\n // ext4_find_extent fails to free path\r\n // but zeroout succeeds\r\n ext4_ext_show_leaf(inode, path)\r\n eh = path[depth].p_hdr\r\n // path use-after-free !!!\r\n\r\nSimilar to ext4_split_extent_at(), we use *ppath directly as an input to\r\next4_ext_show_leaf(). Fix a spelling error by the way.\r\n\r\nSame problem in ext4_ext_handle_unwritten_extents(). Since \u0027path\u0027 is only\r\nused in ext4_ext_show_leaf(), remove \u0027path\u0027 and use *ppath directly.\r\n\r\nThis issue is triggered only when EXT_DEBUG is defined and therefore does\r\nnot affect functionality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49889"
},
{
"cve": "CVE-2024-49890",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/pm: ensure the fw_info is not null before using it\r\n\r\nThis resolves the dereference null return value warning reported by Coverity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49890"
},
{
"cve": "CVE-2024-49892",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Initialize get_bytes_per_element\u0027s default to 1\r\n\r\nVariables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y \u0026 bytes_per_element_c are initialized by get_bytes_per_element() which should never return 0.\r\n\r\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49892"
},
{
"cve": "CVE-2024-49894",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\r\n\r\nFixes index out of bounds issue in\r\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\r\ncould occur when the index \u0027i\u0027 exceeds the number of transfer function\r\npoints (TRANSFER_FUNC_POINTS).\r\n\r\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\r\ntransfer function points. If \u0027i\u0027 is out of bounds the function returns\r\nfalse to indicate an error.\r\n\r\nReported by smatch:\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49894"
},
{
"cve": "CVE-2024-49900",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: Fix uninit-value access of new_ea in ea_buffer\r\n\r\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\r\n\r\n=====================================================\r\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\r\n\r\n...\r\n\r\nUninit was stored to memory at:\r\n ea_put fs/jfs/xattr.c:639 [inline]\r\n\r\n...\r\n\r\nLocal variable ea_buf created at:\r\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\r\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\r\n\r\n=====================================================\r\n\r\nThe reason is ea_buf-\u003enew_ea is not initialized properly.\r\n\r\nFix this by using memset to empty its content at the beginning\r\nin ea_get().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49900"
},
{
"cve": "CVE-2024-49902",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "jfs: vulnerability caused by assigning msm_gpu-\u003epdev earlier in the initialization process to prevent null pointer dereferences in msm_gpu_cleanup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49902"
},
{
"cve": "CVE-2024-49903",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: Fix uaf in dbFreeBits\r\n\r\n[syzbot reported]\r\n==================================================================\r\nBUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]\r\nBUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\r\nRead of size 8 at addr ffff8880229254b0 by task syz-executor357/5216\r\n\r\nCPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\r\nCall Trace:\r\n \u003cTASK\u003e\r\n __dump_stack lib/dump_stack.c:93 [inline]\r\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\r\n print_address_description mm/kasan/report.c:377 [inline]\r\n print_report+0x169/0x550 mm/kasan/report.c:488\r\n kasan_report+0x143/0x180 mm/kasan/report.c:601\r\n __mutex_lock_common kernel/locking/mutex.c:587 [inline]\r\n __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\r\n dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390\r\n dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]\r\n dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409\r\n dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650\r\n jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100\r\n jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131\r\n vfs_ioctl fs/ioctl.c:51 [inline]\r\n __do_sys_ioctl fs/ioctl.c:907 [inline]\r\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\r\n\r\nFreed by task 5218:\r\n kasan_save_stack mm/kasan/common.c:47 [inline]\r\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\r\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\r\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\r\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\r\n kasan_slab_free include/linux/kasan.h:184 [inline]\r\n slab_free_hook mm/slub.c:2252 [inline]\r\n slab_free mm/slub.c:4473 [inline]\r\n kfree+0x149/0x360 mm/slub.c:4594\r\n dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278\r\n jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247\r\n jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454\r\n reconfigure_super+0x445/0x880 fs/super.c:1083\r\n vfs_cmd_reconfigure fs/fsopen.c:263 [inline]\r\n vfs_fsconfig_locked fs/fsopen.c:292 [inline]\r\n __do_sys_fsconfig fs/fsopen.c:473 [inline]\r\n __se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\n[Analysis]\r\nThere are two paths (dbUnmount and jfs_ioc_trim) that generate race condition when accessing bmap, which leads to the occurrence of uaf.\r\n\r\nUse the lock s_umount to synchronize them, in order to avoid uaf caused by race condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49903"
},
{
"cve": "CVE-2024-49930",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "wifi: ath11k: fix array out-of-bound access in SoC stats. Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function access ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49930"
},
{
"cve": "CVE-2024-49938",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\r\n\r\nSyzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch to calling __skb_set_length(skb, 0) directly. In addition, __skb_set_length() already contains a call to skb_reset_tail_pointer(), so remove the redundant call.\r\n\r\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there\u0027s a similar usage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we\u0027re at it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49938"
},
{
"cve": "CVE-2024-49944",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start. In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)-\u003ereuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)-\u003ebind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49944"
},
{
"cve": "CVE-2024-49948",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49948"
},
{
"cve": "CVE-2024-49949",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49949"
},
{
"cve": "CVE-2024-49952",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49952"
},
{
"cve": "CVE-2024-49955",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nACPI: battery: Fix possible crash when unregistering a battery hook\r\n\r\nWhen a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered.\r\nHowever the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash.\r\n\r\nFix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49955"
},
{
"cve": "CVE-2024-49973",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "r8169: RTL8125 added fields to the tally counter, this change could cause the chip to perform Direct Memory Access on these new fields, potentially writing to unallocated memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49973"
},
{
"cve": "CVE-2024-49977",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: stmmac: port_transmit_rate_kbps could be set to a value of 0, which is then passed to the \"div_s64\" function when tc-cbs is disabled. This leads to a zero-division error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49977"
},
{
"cve": "CVE-2024-49997",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. This driver does not support statistics in the old 32-bit format or the new 64-bit format. These will be added in the future. In its current form, the patch should be easily backported to stable versions. Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets in hardware, so software padding must be applied.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49997"
},
{
"cve": "CVE-2024-50001",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/mlx5: Fix error path in multi-packet WQE transmit\r\n\r\nRemove the erroneous unmap in case no DMA mapping was established\r\n\r\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under memory pressure, when the IOMMU driver just can\u0027t allocate more memory for page tables. While the code tries to handle this in the path below the err_unmap label it erroneously unmaps one entry from the sq\u0027s FIFO list of active mappings. Since the current map attempt failed this unmap is removing some random DMA mapping that might still be required. If the PCI function now presents that IOVA, the IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI function in error state.\r\n\r\nThe erroneous behavior was seen in a stress-test environment that created memory pressure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50001"
},
{
"cve": "CVE-2024-50006",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50006"
},
{
"cve": "CVE-2024-50008",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "wifi: mwifiex: memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50008"
},
{
"cve": "CVE-2024-50010",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nexec: don\u0027t WARN for racy path_noexec check\r\n\r\nBoth i_mode and noexec checks wrapped in WARN_ON stem from an artifact\r\nof the previous implementation. They used to legitimately check for the\r\ncondition, but that got moved up in two commits:\r\n633fb6ac3980 (\"exec: move S_ISREG() check earlier\")\r\n0fd338b2d2cd (\"exec: move path_noexec() check earlier\")\r\n\r\nInstead of being removed said checks are WARN_ON\u0027ed instead, which has some debug value.\r\n\r\nHowever, the spurious path_noexec check is racy, resulting in unwarranted warnings should someone race with setting the noexec flag.\r\n\r\nOne can note there is more to perm-checking whether execve is allowed and none of the conditions are guaranteed to still hold after they were tested for.\r\n\r\nAdditionally this does not validate whether the code path did any perm checking to begin with -- it will pass if the inode happens to be regular.\r\n\r\nKeep the redundant path_noexec() check even though it\u0027s mindless nonsense checking for guarantee that isn\u0027t given so drop the WARN.\r\n\r\nReword the commentary and do small tidy ups while here.\r\n\r\n[brauner: keep redundant path_noexec() check]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50010"
},
{
"cve": "CVE-2024-50015",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "ext4: dax: Overflowing extents beyond inode size when partially writing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50015"
},
{
"cve": "CVE-2024-50033",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nslip: make slhc_remember() more robust against malicious packets\r\n\r\nsyzbot found that slhc_remember() was missing checks against\r\nmalicious packets [1].\r\n\r\nslhc_remember() only checked the size of the packet was at least 20,\r\nwhich is not good enough.\r\n\r\nWe need to make sure the packet includes the IPv4 and TCP header\r\nthat are supposed to be carried.\r\n\r\nAdd iph and th pointers to make the code more readable.\r\n\r\n[1]\r\n\r\nBUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\r\n slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\r\n ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455\r\n ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]\r\n ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212\r\n ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327\r\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\r\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\r\n __release_sock+0x1da/0x330 net/core/sock.c:3072\r\n release_sock+0x6b/0x250 net/core/sock.c:3626\r\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was created at:\r\n slab_post_alloc_hook mm/slub.c:4091 [inline]\r\n slab_alloc_node mm/slub.c:4134 [inline]\r\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\r\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\r\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\r\n alloc_skb include/linux/skbuff.h:1322 [inline]\r\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\r\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50033"
},
{
"cve": "CVE-2024-50035",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nppp: fix ppp_async_encode() illegal access\r\n\r\nsyzbot reported an issue in ppp_async_encode() [1]\r\n\r\nIn this case, pppoe_sendmsg() is called with a zero size.\r\nThen ppp_async_encode() is called with an empty skb.\r\n\r\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\r\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\r\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\r\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\r\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\r\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\r\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\r\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\r\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\r\n __release_sock+0x1da/0x330 net/core/sock.c:3072\r\n release_sock+0x6b/0x250 net/core/sock.c:3626\r\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was created at:\r\n slab_post_alloc_hook mm/slub.c:4092 [inline]\r\n slab_alloc_node mm/slub.c:4135 [inline]\r\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\r\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\r\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\r\n alloc_skb include/linux/skbuff.h:1322 [inline]\r\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\r\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50035"
},
{
"cve": "CVE-2024-50039",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: accept TCA_STAB only for root qdisc\r\n\r\nMost qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers.\r\n\r\nUnfortunately syzbot can crash a host rather easily using a TBF + SFQ combination, with an STAB on SFQ [1]\r\n\r\nWe can\u0027t support TCA_STAB on arbitrary level, this would require to maintain per-qdisc storage.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50039"
},
{
"cve": "CVE-2024-50040",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50040"
},
{
"cve": "CVE-2024-50044",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change\r\n\r\nrfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50044"
},
{
"cve": "CVE-2024-50045",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50045"
},
{
"cve": "CVE-2024-50046",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\r\n\r\nOn the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server.\r\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50046"
},
{
"cve": "CVE-2024-50058",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\r\n\r\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the commit assumes, uport can be NULL in there. But right after that protection, there is an unprotected \"uart_port_dtr_rts(uport, false);\" call. That is invoked only if HUPCL is set, so I assume that is the reason why we do not see lots of these reports.\r\n\r\nOr it cannot be NULL at this point at all for some reason :P.\r\n\r\nUntil the above is investigated, stay on the safe side and move this dereference to the if too.\r\n\r\nI got this inconsistency from Coverity under CID 1585130. Thanks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50058"
},
{
"cve": "CVE-2024-50095",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/mad: Improve handling of timed out WRs of mad agent\r\n\r\nCurrent timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be handled inside timeout handler.\r\n\r\nThis leads to softlockup with below trace in some use cases where rdma-cm path is used to establish connection between peer nodes\r\n\r\n\r\nSimplified timeout handler by creating local list of timed out WRs and invoke send handler post creating the list. The new method acquires/releases lock once to fetch the list and hence helps to reduce locking contetiong when processing higher no. of WRs",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50095"
},
{
"cve": "CVE-2024-50121",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "nfsd: problematic nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net. In the normal case, when we excute `echo 0 \u003e /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will release all resources related to the hashed `nfs4_client`.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50121"
},
{
"cve": "CVE-2024-50127",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: sched: fix use-after-free in taprio_change()\r\n\r\nIn \u0027taprio_change()\u0027, \u0027admin\u0027 pointer may become dangling due to sched switch / removal caused by \u0027advance_sched()\u0027, and critical section protected by \u0027q-current_entry_lock\u0027 is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer \u0027rcu_replace_pointer()\u0027 ver \u0027rcu_assign_pointer()\u0027 to update \u0027admin\u0027 immediately before an attempt to schedule freeing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50127"
},
{
"cve": "CVE-2024-50131",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntracing: Consider the NULL character when validating the event length\r\n\r\nstrlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character.\r\n\r\nThis commit checks this condition and returns failure for it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50131"
},
{
"cve": "CVE-2024-50134",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\r\n\r\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a \"memcpy: detected field-spanning write error\".\r\n\r\nNote as mentioned in the added comment it seems the original length calculation for the allocated and send hgsmi buffer is 4 bytes too large.\r\nChanging this is not the goal of this patch, so this behavior is kept.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50134"
},
{
"cve": "CVE-2024-50142",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\r\n\r\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:Validate address prefix lengths in the xfrm selector.\")\r\n\r\nsyzbot created an SA with\r\n usersa.sel.family = AF_UNSPEC\r\n usersa.sel.prefixlen_s = 128\r\n usersa.family = AF_INET\r\n\r\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put limits on prefixlen_{s,d}. But then copy_from_user_state sets x-\u003esel.family to usersa.family (AF_INET). Do the same conversion inverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s howprefixlen is going to be used later on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50148",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: bnep: fix wild-memory-access in proto_unregister\r\n\r\nAs bnep_init() ignore bnep_sock_init()\u0027s return value, and bnep_sock_init() will cleanup all resource. Then when remove bnep module will call bnep_sock_cleanup() to cleanup sock\u0027s resource.\r\nTo solve above issue just return bnep_sock_init()\u0027s return value in bnep_exit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50148"
},
{
"cve": "CVE-2024-50150",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: typec: altmode should keep reference to parent\r\n\r\nThe altmode device release refers to its parent device, but without keeping\r\na reference to it.\r\n\r\nWhen registering the altmode, get a reference to the parent and put it in\r\nthe release function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50150"
},
{
"cve": "CVE-2024-50151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsmb: client: fix OOBs when building SMB2_IOCTL request\r\n\r\nWhen using encryption, either enforced by the server or when using\r\n\u0027seal\u0027 mount option, the client will squash all compound request buffers\r\ndown for encryption into a single iov in smb2_set_next_command().\r\n\r\nSMB2_ioctl_init() allocates a small buffer (448 bytes) to hold the\r\nSMB2_IOCTL request in the first iov, and if the user passes an input\r\nbuffer that is greater than 328 bytes, smb2_set_next_command() will\r\nend up writing off the end of @rqst-\u003eiov[0].iov_base as shown below:\r\n\r\n mount.cifs //srv/share /mnt -o ...,seal\r\n ln -s $(perl -e \"print(\u0027a\u0027)for 1..1024\") /mnt/link\r\n\r\n BUG: KASAN: slab-out-of-bounds in\r\n smb2_set_next_command.cold+0x1d6/0x24c [cifs]\r\n Write of size 4116 at addr ffff8881148fcab8 by task ln/859",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50151"
},
{
"cve": "CVE-2024-50153",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: target: core: Fix null-ptr-deref in target_alloc_device()\r\n\r\nThere is a null-ptr-deref issue reported by KASAN:\r\n\r\nBUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]\r\n...\r\n kasan_report+0xb9/0xf0\r\n target_alloc_device+0xbc4/0xbe0 [target_core_mod]\r\n core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]\r\n target_core_init_configfs+0x205/0x420 [target_core_mod]\r\n do_one_initcall+0xdd/0x4e0\r\n...\r\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\r\n\r\nIn target_alloc_device(), if allocing memory for dev queues fails, then\r\ndev will be freed by dev-\u003etransport-\u003efree_device(), but dev-\u003etransport\r\nis not initialized at that time, which will lead to a null pointer\r\nreference problem.\r\n\r\nFixing this bug by freeing dev with hba-\u003ebackend-\u003eops-\u003efree_device().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50153"
},
{
"cve": "CVE-2024-50188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "net: phy: dp83869: fix memory corruption when enabling fiber. When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 \u0026lt;\u0026lt; 10) rather than a bit number (10). This corrupts some other memory location -- in case of arm64 the priv pointer in the same structure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50188"
},
{
"cve": "CVE-2024-50205",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\r\n\r\nThe step variable is initialized to zero. It is changed in the loop,\r\nbut if it\u0027s not changed it will remain zero. Add a variable check\r\nbefore the division.\r\n\r\nThe observed behavior was introduced by commit 826b5de90c0b\r\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\r\nand it is difficult to show that any of the interval parameters will\r\nsatisfy the snd_interval_test() condition with data from the\r\namdtp_rate_table[] table.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50205"
},
{
"cve": "CVE-2024-50210",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nposix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()\r\n\r\nIf get_clock_desc() succeeds, it calls fget() for the clockid\u0027s fd,\r\nand get the clk-\u003erwsem read lock, so the error path should release\r\nthe lock to make the lock balance and fput the clockid\u0027s fd to make\r\nthe refcount balance and release the fd related resource.\r\n\r\nHowever the below commit left the error path locked behind resulting in\r\nunbalanced locking. Check timespec64_valid_strict() before\r\nget_clock_desc() to fix it, because the \"ts\" is not changed\r\nafter that.\r\n\r\n[pabeni@redhat.com: fixed commit message typo]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50210"
},
{
"cve": "CVE-2024-50251",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50262",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50262"
},
{
"cve": "CVE-2024-50299",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50299"
},
{
"cve": "CVE-2024-50301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-50302",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let\u0027s zero-initialize it during allocation to make sure that it can\u0027t be ever used to leak kernel memory via specially-crafted report.",
"title": "Summary"
},
{
"category": "summary",
"text": "The information disclosure is limited to HID driver report data. Successful exploitation requires the installation of malicious code on the device.",
"title": "For SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-53042",
"cwe": {
"id": "CWE-662",
"name": "Improper Synchronization"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()\r\n\r\nThere are code paths from which the function is called without holding\r\nthe RCU read lock, resulting in a suspicious RCU usage warning [1].\r\n\r\nFix by using l3mdev_master_upper_ifindex_by_index() which will acquire\r\nthe RCU read lock before calling\r\nl3mdev_master_upper_ifindex_by_index_rcu().\r\n\r\n[1]\r\nWARNING: suspicious RCU usage\r\n6.12.0-rc3-custom-gac8f72681cf2 #141 Not tainted\r\n-----------------------------\r\nnet/core/dev.c:876 RCU-list traversed in non-reader section!!\r\n\r\nother info that might help us debug this:\r\n\r\nrcu_scheduler_active = 2, debug_locks = 1\r\n1 lock held by ip/361:\r\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53042"
},
{
"cve": "CVE-2024-53057",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53059",
"cwe": {
"id": "CWE-460",
"name": "Improper Cleanup on Thrown Exception"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()\r\n\r\n1. The size of the response packet is not validated.\r\n2. The response buffer is not freed.\r\n\r\nResolve these issues by switching to iwl_mvm_send_cmd_status(), which handles both size validation and frees the buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53059"
},
{
"cve": "CVE-2024-53101",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr-\u003eia_mode, attr-\u003eia_uid and attr-\u003eia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren\u0027t set. Initialize all fields of newattrs to avoid uninitialized variables, by checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53101"
},
{
"cve": "CVE-2024-53124",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "net: fix data-races around sk sk_forward_alloc.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-56631",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\nscsi: sg: Fix slab-use-after-free read in sg_release()\r\nFix a use-after-free bug in sg_release(), detected by syzbot with KASAN:\r\n\r\nThe fix has been tested and validated by syzbot. This patch closes the\r\nbug reported at the following syzkaller link and ensures proper\r\nsequencing of resource cleanup and mutex operations, eliminating the\r\nrisk of use-after-free errors in sg_release().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-56631"
},
{
"cve": "CVE-2024-56672",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix UAF in blkcg_unpin_online()\r\n\r\nblkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To\r\nwalk up, it uses blkcg_parent(blkcg) but it was calling that after\r\nblkcg_destroy_blkgs(blkcg) which could free the blkcg",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-56672"
},
{
"cve": "CVE-2024-57901",
"cwe": {
"id": "CWE-664",
"name": "Improper Control of a Resource Through its Lifetime"
},
"notes": [
{
"category": "summary",
"text": "af_packet: vlan_get_protocol_dgram() vs MSG_PEEK Blamed allowing a crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57901"
},
{
"cve": "CVE-2024-57902",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\naf_packet: fix vlan_get_tci() vs MSG_PEEK\r\n\r\nBlamed commit forgot MSG_PEEK case, allowing a crash [1] as found\r\nby syzbot.\r\n\r\nRework vlan_get_tci() to not touch skb at all,\r\nso that it can be used from many cpus on the same skb.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57902"
},
{
"cve": "CVE-2024-57913",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: gadget: f_fs: Remove WARN_ON in functionfs_bind",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57913"
},
{
"cve": "CVE-2024-57929",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndm array: fix releasing a faulty array block twice in dm_array_cursor_end\r\n\r\nWhen dm_bm_read_lock() fails due to locking or checksum errors, it\r\nreleases the faulty block implicitly while leaving an invalid output\r\npointer behind. The caller of dm_bm_read_lock() should not operate on\r\nthis invalid dm_block pointer, or it will lead to undefined result.\r\nFor example, the dm_array_cursor incorrectly caches the invalid pointer\r\non reading a faulty array block, causing a double release in\r\ndm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57929"
},
{
"cve": "CVE-2024-57940",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, dentry will not be incremented, causing condition dentry \u003c max_dentries unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57940"
},
{
"cve": "CVE-2024-57948",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmac802154: check local interfaces before deleting sdata list\r\n\r\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\r\n\r\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\r\nhardware device from the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57951",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nhrtimers: Handle CPU state correctly on hotplug\r\n\r\nConsider a scenario where a CPU transitions from CPUHP_ONLINE to halfway\r\nthrough a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to\r\nCPUHP_ONLINE:\r\n\r\nSince hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set\r\nto 1 throughout. However, during a CPU unplug operation, the tick and the\r\nclockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online\r\nstate, for instance CFS incorrectly assumes that the hrtick is already\r\nactive, and the chance of the clockevent device to transition to oneshot\r\nmode is also lost forever for the CPU, unless it goes back to a lower state\r\nthan CPUHP_HRTIMERS_PREPARE once.\r\n\r\nThis round-trip reveals another issue; cpu_base.online is not set to 1\r\nafter the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer().\r\n\r\nAside of that, the bulk of the per CPU state is not reset either, which\r\nmeans there are dangling pointers in the worst case.\r\n\r\nAddress this by adding a corresponding startup() callback, which resets the\r\nstale per CPU state and sets the online flag.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57951"
},
{
"cve": "CVE-2024-57977",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "memcg: A soft lockup vulnerability in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57977"
},
{
"cve": "CVE-2024-57979",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "pps: Fix a use-after-free",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57981",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "usb: xhci: NULL pointer dereference on certain command aborts. If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is later aborted, when the abort completion is handled the dequeue pointer is advanced to the first TRB of the next segment. If no further commands are queued, xhci_handle_stopped_cmd_ring() sees the ring pointers unequal and assumes that there is a pending command, so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-58005",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tpm: Change to kvalloc() in eventlog/acpi.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58009",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58014",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58016",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "safesetid: check size of policy writes",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58016"
},
{
"cve": "CVE-2024-58017",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58020",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "HID: multitouch: Add NULL check in mt_input_configured",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58051",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipmi: ipmb: Add check devm_kasprintf() returned value",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58058",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ubifs: skip dumping tnc tree when zroot is null",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58063",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "wifi: rtlwifi: fix memory leaks and invalid access at probe error path",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58071",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "team: prevent adding a device which is already a team device lower",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58071"
},
{
"cve": "CVE-2024-58072",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: rtlwifi: remove unused check_buddy_priv",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58085",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tomoyo: don\u0027t emit warning in tomoyo_write_control()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-21638",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\nsched: sch_cake: add bounds checks to host bulk flow fairness counts",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21648",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: conntrack: clamp maximum hashtable size to INT_MAX\r\n\r\nUse INT_MAX as maximum size for the conntrack hashtable. Otherwise, it\r\nis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when\r\nresizing hashtable because __GFP_NOWARN is unset. See:\r\n\r\n 0708a0afe291 (\"mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls\")\r\n\r\nNote: hashtable resize is only possible from init_netns.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21648"
},
{
"cve": "CVE-2025-21653",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21653"
},
{
"cve": "CVE-2025-21664",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "dm thin: make get_first_thin use rcu-safe list first function",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21664"
},
{
"cve": "CVE-2025-21666",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "vsock: prevent null-ptr-deref in vsock_has_data|has_space",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21669",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "vsock/virtio: discard packets if the transport changes",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21678",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "gtp: Destroy device along with udp socket\u0027s netns dismantle",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21683",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "bpf: Fix bpf_sk_select_reuseport() memory leak",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21683"
},
{
"cve": "CVE-2025-21692",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "net: sched: fix ets qdisc OOB Indexing",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21694",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "fs/proc: softlockup in __read_vmcore",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21694"
},
{
"cve": "CVE-2025-21704",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: cdc-acm: Check control transfer buffer size before access",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21711",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "net/rose: prevent integer overflows in rose_setsockopt()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21719",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipmr: do not call mr_mfc_uses_dev() for unres entries",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21726",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "padata: avoid UAF for reorder_work",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "padata: fix UAF in padata_reorder",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in a non-preemptible context uses the bpf_send_signal() kfunc, it will cause issues because this kfunc can sleep.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21735",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "NFC: nci: Add bounds checking in nci_hci_create_pipe()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21744",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\r\n\r\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\r\nclass_dev_iter_(init|next)(), but does not end iterating with\r\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\r\n\r\nFix by ending the iterating with class_dev_iter_exit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21753",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "btrfs: fix use-after-free when attempting to join an aborted transaction",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21760",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "ndisc: extend RCU protection in ndisc_send_skb()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "openvswitch: use RCU protection in ovs_vport_cmd_fill_info()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "neighbour: use RCU protection in __neigh_notify()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "ndisc: use RCU protection in ndisc_alloc_skb()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21772",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "partitions: mac: fix handling of bogus partition table",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21776",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "USB: hub: Ignore non-compliant devices with too many configs or interfaces. A test program can cause usb_hub_to_struct_hub() to dereference a NULL or inappropriate pointer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21787",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "team: better TEAM_OPTION_TYPE_STRING validation",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21787"
},
{
"cve": "CVE-2025-21795",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSD: hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21806",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: let net.core.dev_weight always be non-zero. The following problem was encountered during stability test: (NULL net_device).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21814",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ptp: Ensure info-\u003eenable callback is always set",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21814"
},
{
"cve": "CVE-2025-21826",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: nf_tables: reject mismatching sum of field_len with set key length. The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the pipapo rule width from pipapo_init(). The set key length provides the total size of the key aligned to 32-bits. Register-based arithmetics still allows for combining mismatching set key length and field length description, eg. set key length 10 and field description [ 5, 4 ] leading to pipapo width of 12.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21826"
},
{
"cve": "CVE-2025-21835",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: gadget: f_midi: fix MIDI Streaming descriptor lengths",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21844",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "smb: client: Add check for next_buffer in receive_encrypted_standard()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "acct: perform last write from workqueue",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21858",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "geneve: Fix use-after-free in geneve_find_dev()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "USB: gadget: f_midi: f_midi_complete to call queue_work",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21862",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "drop_monitor: incorrect initialization order. If drop_monitor is built as a kernel module, syzkaller may have time to send a netlink NET_DM_CMD_START message during the module loading. This will call the net_dm_monitor_start() function that uses a spinlock that has not yet been initialized.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21865",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Commit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns dismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger -\u003edellink() twice for the same device during -\u003eexit_batch_rtnl().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21865"
}
]
}
SSA-355557
Vulnerability from csaf_siemens - Published: 2025-08-12 00:00 - Updated: 2025-08-12 00:00Summary
SSA-355557: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2
Notes
Summary
SINEC OS before V3.2 contains third-party components with multiple vulnerabilities.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC OS before V3.2 contains third-party components with multiple vulnerabilities.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-355557: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
},
{
"category": "self",
"summary": "SSA-355557: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-355557.json"
}
],
"title": "SSA-355557: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-355557",
"initial_release_date": "2025-08-12T00:00:00Z",
"revision_history": [
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.2",
"product": {
"name": "RUGGEDCOM RST2428P (6GK6242-6PA00)",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6GK6242-6PA00"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RST2428P (6GK6242-6PA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.2",
"product": {
"name": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.2",
"product": {
"name": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47316",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfsd: NULL dereference in nfs3svc_encode_getaclres.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2021-47316"
},
{
"cve": "CVE-2022-48666",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "scsi: core: use-after-free vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2022-48666"
},
{
"cve": "CVE-2022-48827",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "NFSD: vulnerability caused by loff_t overflow on the server when a client reads near the maximum offset, causing the server to return an EINVAL error, which the client retries indefinitely, instead of handling out-of-range READ requests by returning a short result with an EOF flag.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2022-48827"
},
{
"cve": "CVE-2022-48828",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSD: Vulnerability caused by an underflow in ia_size due to a mismatch between signed and unsigned 64-bit file size values, which can cause issues when handling large file sizes from NFS clients.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2022-48828"
},
{
"cve": "CVE-2022-48829",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "summary",
"text": "NFSD: Vulnerability handling large file sizes for NFSv3 improperly capping client size values larger than s64_max, leading to unexpected behavior and potential data corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2022-48829"
},
{
"cve": "CVE-2022-49034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "sh: cpuinfo: warning for CONFIG_CPUMASK_OFFSTACK. When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning when showing /proc/cpuinfo.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2022-49034"
},
{
"cve": "CVE-2023-52887",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: can: j1939: vulnerability related to error handling for closely received RTS messages in xtp_rx_rts_session_new, which is addressed by replacing less informative backtraces with a new method that provides clearer error messages and allows for early termination of problematic sessions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52887"
},
{
"cve": "CVE-2023-52917",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir(). The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52917"
},
{
"cve": "CVE-2024-9681",
"cwe": {
"id": "CWE-697",
"name": "Incorrect Comparison"
},
"notes": [
{
"category": "summary",
"text": "When curl is asked to use HSTS, the expiry time for a subdomain might\r\noverwrite a parent domain\u0027s cache entry, making it end sooner or later than\r\notherwise intended.\r\n\r\nThis affects curl using applications that enable HSTS and use URLs with the\r\ninsecure `HTTP://` scheme and perform transfers with hosts like\r\n`x.example.com` as well as `example.com` where the first host is a subdomain\r\nof the second host.\r\n\r\n(The HSTS cache either needs to have been populated manually or there needs to\r\nhave been previous HTTPS accesses done as the cache needs to have entries for\r\nthe domains involved to trigger this problem.)\r\n\r\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\r\nbug can make the subdomain\u0027s expiry timeout *bleed over* and get set for the\r\nparent domain `example.com` in curl\u0027s HSTS cache.\r\n\r\nThe result of a triggered bug is that HTTP accesses to `example.com` get\r\nconverted to HTTPS for a different period of time than what was asked for by\r\nthe origin server. If `example.com` for example stops supporting HTTPS at its\r\nexpiry time, curl might then fail to access `http://example.com` until the\r\n(wrongly set) timeout expires. This bug can also expire the parent\u0027s entry\r\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\r\nthan otherwise intended.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-9681"
},
{
"cve": "CVE-2024-36484",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-36484"
},
{
"cve": "CVE-2024-36894",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-36894"
},
{
"cve": "CVE-2024-36901",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-36901"
},
{
"cve": "CVE-2024-36938",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Denial of Service Vulnerability in the Linux Kernel: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-36938"
},
{
"cve": "CVE-2024-36974",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev-\u003enum_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-36974"
},
{
"cve": "CVE-2024-36978",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: sched: sch_multiq: possible OOB write in multiq_tune() q-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic after kmalloc. So the old q-\u003ebands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-36978"
},
{
"cve": "CVE-2024-37078",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nilfs2: kernel vulnerability due to lack of writeback flag waiting. When the log writer starts a writeback for segment summary blocks or a super root block that use the backing devices page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-37078"
},
{
"cve": "CVE-2024-38586",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "r8169: possible ring buffer corruption on fragmented Tx packets. Vulnerability on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in rtl8169_tso_csum_v2().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-38586"
},
{
"cve": "CVE-2024-38619",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb-storage: alauda: Check whether the media is initialized. The member \"uzonesize\" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-38619"
},
{
"cve": "CVE-2024-39468",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "smb: client: Deadlock in smb2_find_smb_tcon().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39468"
},
{
"cve": "CVE-2024-39469",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory\u0027s inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39469"
},
{
"cve": "CVE-2024-39482",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bcache: Variable length array abuse in btree_iter.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39482"
},
{
"cve": "CVE-2024-39484",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "mmc: davinci: Vulnerability from resource leaks. Using __exit for the remove function results in the remove callback being discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39484"
},
{
"cve": "CVE-2024-39487",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39487"
},
{
"cve": "CVE-2024-39495",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "greybus: use-after-free vulnerability in gb_interface_release due to race condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39495"
},
{
"cve": "CVE-2024-39499",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "vmci: speculation leaks by sanitizing event in event_deliver(). event_msg is controlled by user-space, event_msg-\u003eevent_data.event is passed to event_deliver() and used as an index without sanitization, leading to information leaks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39499"
},
{
"cve": "CVE-2024-39501",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drivers: core: synchronize really_probe() and dev_uevent(). Synchronize the dev-\u003edriver usage in really_probe() and dev_uevent(). These can run in different threads, what can result in the following race condition for dev-\u003edriver uninitialization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39501"
},
{
"cve": "CVE-2024-39502",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "ionic: use after netif_napi_del(). When queues are started, netif_napi_add() and napi_enable() are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues\u0027 napi should be registered and enabled. The ionic_qcq_enable() checks whether the .poll pointer is not NULL for enabling only the using queue\u0027 napi. Unused queues\u0027 napi will not be registered by netif_napi_add(), so the .poll pointer indicates NULL. But it couldn\u0027t distinguish whether the napi was unregistered or not because netif_napi_del() doesn\u0027t reset the .poll pointer to NULL. So, ionic_qcq_enable() calls napi_enable() for the queue, which was unregistered by netif_napi_del().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39502"
},
{
"cve": "CVE-2024-39503",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "netfilter: ipset: race between namespace cleanup and gc in the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads use after free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39503"
},
{
"cve": "CVE-2024-39505",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/komeda: check for error-valued pointer. komeda_pipeline_get_state() may return an error-valued pointer, thus check the pointer for negative or null value before dereferencing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39505"
},
{
"cve": "CVE-2024-39506",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet. In lio_vf_rep_copy_packet() pg_info-\u003epage is compared to a NULL value, but then it is unconditionally passed to skb_add_rx_frag(), which could lead to null pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39506"
},
{
"cve": "CVE-2024-39509",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "HID: core: remove unnecessary WARN_ON() in implement(). There is a warning in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value \u0026= m; ... WARN_ON may be considered superfluous.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39509"
},
{
"cve": "CVE-2024-40901",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40901"
},
{
"cve": "CVE-2024-40902",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jfs: xattr: buffer overflow for invalid xattr. When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40902"
},
{
"cve": "CVE-2024-40904",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "USB: class: cdc-wdm: CPU lockup caused by excessive log messages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40904"
},
{
"cve": "CVE-2024-40905",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: possible race in __fib6_drop_pcpu_from().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40905"
},
{
"cve": "CVE-2024-40912",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: deadlock in ieee80211_sta_ps_deliver_wakeup().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40912"
},
{
"cve": "CVE-2024-40916",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40916"
},
{
"cve": "CVE-2024-40929",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: iwlwifi: mvm: check n_ssids before accessing the ssids.In some versions of cfg80211, the ssids poinet might be a valid one even though n_ssids is 0. Accessing the pointer in this case will cuase an out-of-bound access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40929"
},
{
"cve": "CVE-2024-40931",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mptcp: ensure snd_una is properly initialized on connect.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40931"
},
{
"cve": "CVE-2024-40932",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/exynos/vidi: memory leak in .get_modes().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40932"
},
{
"cve": "CVE-2024-40934",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40934"
},
{
"cve": "CVE-2024-40941",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "wifi: iwlwifi: mvm: don\u0027t read past the mfuart notifcation. In case the firmware sends a notification that claims it has more data than it has, it will read past that was allocated for the notification.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40941"
},
{
"cve": "CVE-2024-40942",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40942"
},
{
"cve": "CVE-2024-40943",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: fix races between hole punching and AIO+DIO.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40943"
},
{
"cve": "CVE-2024-40945",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "summary",
"text": "iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn\u0027t cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40945"
},
{
"cve": "CVE-2024-40947",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ima: Avoid blocking in RCU read-side critical section, a panic happens in ima_match_policy.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40947"
},
{
"cve": "CVE-2024-40958",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40958"
},
{
"cve": "CVE-2024-40959",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40959"
},
{
"cve": "CVE-2024-40960",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40960"
},
{
"cve": "CVE-2024-40961",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40961"
},
{
"cve": "CVE-2024-40963",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mips: bmips: BCM6358: Some device have CBR address set to 0 causing kernel panic when arch_sync_dma_for_cpu_all is called.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40963"
},
{
"cve": "CVE-2024-40968",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "MIPS:The standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the mips processor after the PCIe link surprise down, it can generate kernel panic caused by \"Data bus error\".",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40968"
},
{
"cve": "CVE-2024-40971",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40971"
},
{
"cve": "CVE-2024-40974",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "powerpc/pseries: stack corruption at runtime when plpar_hcall9() stores results past the end of the array.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40974"
},
{
"cve": "CVE-2024-40976",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/lima: There is a race condition in which a rendering job might take just long enough to trigger the drm sched job timeout handler but also still complete before the hard reset is done by the timeout handler. This runs into race conditions not expected by the timeout handler. In some very specific cases it currently may result in a refcount imbalance on lima_pm_idle, with a stack dump.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40976"
},
{
"cve": "CVE-2024-40978",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: qedi: crash while reading debugfs attribute. The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40978"
},
{
"cve": "CVE-2024-40980",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-40981",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "batman-adv: empty buckets in batadv_purge_orig_ref() are pointing to soft lockups in batadv_purge_orig_ref().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40981"
},
{
"cve": "CVE-2024-40983",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tipc: possible crash before doing decryption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40983"
},
{
"cve": "CVE-2024-40984",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40984"
},
{
"cve": "CVE-2024-40987",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: UBSAN warning in kv_dpm.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40987"
},
{
"cve": "CVE-2024-40988",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/radeon: UBSAN warning in kv_dpm.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40988"
},
{
"cve": "CVE-2024-40990",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ptp: integer overflow in max_vclocks_store.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40990"
},
{
"cve": "CVE-2024-40995",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/sched: act_api: possible infinite loop in tcf_idr_check_alloc().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-40995"
},
{
"cve": "CVE-2024-41000",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41000"
},
{
"cve": "CVE-2024-41004",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock (get a reference) those event file reference in module init function, and unlock and delete it in module exit function. This is because those are designed for playing as modules. If we make those modules as built-in, those events are left locked in the kernel, and never be removed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41004"
},
{
"cve": "CVE-2024-41005",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "netpoll: race condition in netpoll_owner_active KCSAN detected a race condition in netpoll.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41006",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "netrom: a memory leak in nr_heartbeat_expiry().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41006"
},
{
"cve": "CVE-2024-41007",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41007"
},
{
"cve": "CVE-2024-41009",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "bpf: Fix overrunning reservations in ringbuf.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41009"
},
{
"cve": "CVE-2024-41012",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41012"
},
{
"cve": "CVE-2024-41015",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: add bounds checking to ocfs2_check_dir_entry(). This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don\u0027t stray beyond valid memory region.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41015"
},
{
"cve": "CVE-2024-41017",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "jfs: vulnerability involves the risk of accessing memory beyond the end of ealist, which can lead to undefined behavior or crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41017"
},
{
"cve": "CVE-2024-41020",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "filelock: race condition vulnerability between fcntl and close operations, which can lead to issues in the recovery compatibility path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41020"
},
{
"cve": "CVE-2024-41022",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: vulnerability involves a signedness problem in sdma_v4_0_process_trap_irq(), which can lead to incorrect handling of values and potential errors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41022"
},
{
"cve": "CVE-2024-41034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nilfs2: kernel bug on rename operation of broken directory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41034"
},
{
"cve": "CVE-2024-41035",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "USB: core: duplicate endpoint bug.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41035"
},
{
"cve": "CVE-2024-41040",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/sched: UAF when resolving a clash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41040"
},
{
"cve": "CVE-2024-41041",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "udp: small race window.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41041"
},
{
"cve": "CVE-2024-41044",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ppp: claimed-as-LCP but actually malformed packets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41044"
},
{
"cve": "CVE-2024-41046",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41046"
},
{
"cve": "CVE-2024-41049",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode\u0027s list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn\u0027t happen.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41049"
},
{
"cve": "CVE-2024-41055",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing memory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE() call around \"ms-\u003eusage\" to fix a race with section_deactivate() where ms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough to prevent NULL pointer dereference. We need to check its value before dereferencing it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41059",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "hfsplus: uninit-value in copy_name.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41059"
},
{
"cve": "CVE-2024-41063",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: hci_core: deadlock at destroy_workqueue().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41063"
},
{
"cve": "CVE-2024-41064",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "powerpc/eeh: possible crash when edev-\u003epdev changes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41064"
},
{
"cve": "CVE-2024-41065",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "powerpc/pseries: Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41065"
},
{
"cve": "CVE-2024-41068",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "s390/sclp: sclp_init() failure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41068"
},
{
"cve": "CVE-2024-41070",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "KVM: PPC: Book3S HV: UAF in kvm_spapr_tce_attach_iommu_group().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41070"
},
{
"cve": "CVE-2024-41072",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In \u0027cfg80211_wext_siwscan()\u0027, add extra check whether number of channels passed via \u0027ioctl(sock, SIOCSIWSCAN, ...)\u0027 doesn\u0027t exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41072"
},
{
"cve": "CVE-2024-41077",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "null_blk: validation error on block size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41078",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "btrfs: qgroup: quota root leak after quota disable failure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41078"
},
{
"cve": "CVE-2024-41081",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ila: block BH in ila_output().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41081"
},
{
"cve": "CVE-2024-41087",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ata: libata-core: double free on error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41087"
},
{
"cve": "CVE-2024-41089",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/nouveau/dispnv04: null pointer dereference in nv17_tv_get_hd_modes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41089"
},
{
"cve": "CVE-2024-41090",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tap: add missing verification for short frame. Missing to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tap_get_user_xdp()--\u003eskb_set_network_header() may assume the size is more than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41090"
},
{
"cve": "CVE-2024-41091",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tun: add missing verification for short frame. Missing to check against the validity of the frame length in the tun_xdp_one() path could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tun_xdp_one--\u003eeth_type_trans() may access the Ethernet header although it can be less than ETH_HLEN. Once transmitted, this could either causeout-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41091"
},
{
"cve": "CVE-2024-41092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/i915/gt: potential UAF by revoke of fence registers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41092"
},
{
"cve": "CVE-2024-41095",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/nouveau/dispnv04: null pointer dereference in nv17_tv_get_ld_modes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41095"
},
{
"cve": "CVE-2024-41097",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: atm: cxacru: incomplete endpoint checking in cxacru_bind().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-41097"
},
{
"cve": "CVE-2024-42076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: can: j1939: unused data in j1939_send_one().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42076"
},
{
"cve": "CVE-2024-42077",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: DIO failure due to insufficient transaction credits.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42077"
},
{
"cve": "CVE-2024-42082",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "xdp: unused WARN() in __xdp_reg_mem_model().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42082"
},
{
"cve": "CVE-2024-42084",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ftruncate: passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42084"
},
{
"cve": "CVE-2024-42086",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "iio: chemical: bme680: overflows in compensate() functions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42086"
},
{
"cve": "CVE-2024-42087",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/panel: ilitek-ili9881c: warning with GPIO controllers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42087"
},
{
"cve": "CVE-2024-42092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "gpio: davinci: There can be out of chips-\u003eirqs array boundaries access in davinci_gpio_probe().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42092"
},
{
"cve": "CVE-2024-42093",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/dpaa2: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42093"
},
{
"cve": "CVE-2024-42094",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/iucv: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42094"
},
{
"cve": "CVE-2024-42095",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "serial: 8250_omap: Erroneous timeout can be triggered, and it may lead to storm of interrupts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42095"
},
{
"cve": "CVE-2024-42101",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/nouveau: null pointer dereference in nouveau_connector_get_modes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42101"
},
{
"cve": "CVE-2024-42105",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nilfs2: use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42105"
},
{
"cve": "CVE-2024-42143",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "orangefs: out-of-bounds fsid access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42143"
},
{
"cve": "CVE-2024-42145",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "IB/core: an unbounded UMAD receive list, poses a risk of uncontrolled growth.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42145"
},
{
"cve": "CVE-2024-42148",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bnx2x: multiple UBSAN array-index-out-of-bounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42148"
},
{
"cve": "CVE-2024-42152",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nvmet: possible leak when destroy a ctrl during qp establishment.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42152"
},
{
"cve": "CVE-2024-42153",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "i2c: pnx: potential deadlock warning from del_timer_sync() call in isr.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42153"
},
{
"cve": "CVE-2024-42154",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don\u0027t see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn\u0027t have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42154"
},
{
"cve": "CVE-2024-42161",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42161"
},
{
"cve": "CVE-2024-42223",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: dvb-frontends: tda10048: integer overflow state-\u003extal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42223"
},
{
"cve": "CVE-2024-42224",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: dsa: mv88e6xxx: wrong check on empty list.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42224"
},
{
"cve": "CVE-2024-42229",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "crypto: aead,cipher - key buffer after use not zeroized.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42229"
},
{
"cve": "CVE-2024-42232",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn\u0027t be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn\u0027t mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in(libceph: behave in mon_fault() if cur_mon \u003c \") and use-after-free can still ensue on monc and objects that hang off of it, with monc-\u003e auth and monc-\u003emonmap being particularly susceptible to quickly being reused.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42232"
},
{
"cve": "CVE-2024-42236",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: gadget: configfs: OOB read/write in usb_string_copy().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42236"
},
{
"cve": "CVE-2024-42244",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "USB: serial: mos7840: fix crash on resume Since(\"USB: serial: use generic method if no alternative is provided in usb serial layer\"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42244"
},
{
"cve": "CVE-2024-42247",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wireguard: allowedips: unaligned 64-bit memory accesses.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-42247"
},
{
"cve": "CVE-2024-43098",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "i3c: Use i3cdev-\u003edesc-\u003einfo instead of calling i3c_device_get_info() to avoid deadlock. A deadlock may happen since the i3c_master_register() acquires i3cbus-\u003elock twice.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43098"
},
{
"cve": "CVE-2024-43861",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: usb: qmi_wwan: memory leak for not ip packets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43861"
},
{
"cve": "CVE-2024-43867",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/nouveau: prime: refcount underflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43867"
},
{
"cve": "CVE-2024-43871",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43871"
},
{
"cve": "CVE-2024-43879",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: cfg80211: Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to warning.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43879"
},
{
"cve": "CVE-2024-43880",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mlxsw: spectrum_acl_erp: object nesting warning.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43880"
},
{
"cve": "CVE-2024-43882",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "exec: the execution may gain unintended privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43882"
},
{
"cve": "CVE-2024-43883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: vhci-hcd: vulnerability due to the vhci-hcd driver dropping references before new ones were gained, potentially leading to the use of stale pointers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43883"
},
{
"cve": "CVE-2024-43889",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "padata: vulnerability due to a possible divide-by-zero error in padata_mt_helper() during bootup, caused by an uninitialized chunk_size being zero.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43889"
},
{
"cve": "CVE-2024-43890",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tracing: vulnerability due to an overflow in get_free_elt(), which could lead to infinite loops and CPU hangs when the tracing map becomes full.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43890"
},
{
"cve": "CVE-2024-43893",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "serial: core: vulnerability due to a missing check for uartclk being zero, leading to a potential divide-by-zero error when calling ioctl TIOCSSERIAL with an invalid baud_base.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43893"
},
{
"cve": "CVE-2024-43894",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/client: vulnerability due to a potential null pointer dereference in drm_client_modeset_probe() when drm_mode_duplicate() fails, which was fixed by adding a check.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43894"
},
{
"cve": "CVE-2024-43907",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu/pm: null pointer dereference in apply_state_adjust_rules.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43907"
},
{
"cve": "CVE-2024-43908",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: null pointer dereference in ras_manager.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43908"
},
{
"cve": "CVE-2024-43914",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "md/raid5: BUG_ON() while continue reshape after reassembling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-43914"
},
{
"cve": "CVE-2024-44935",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "sctp: Fix null-ptr-deref in reuseport_add_sock(). A Null Pointer Dereference in reuseport_add_sock() while accessing sk2-\u003esk_reuseport_cb . The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the same port and concurrently closes the first listener. The second listen() calls reuseport_add_sock() with the first listener as sk2, where sk2-\u003esk_reuseport_cb is not expected to be cleared concurrently, but the close() does clear it by reuseport_detach_sock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44935"
},
{
"cve": "CVE-2024-44944",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44944"
},
{
"cve": "CVE-2024-44949",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44949"
},
{
"cve": "CVE-2024-44952",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "driver core: vulnerability due to a potential deadlock due to improper handling of device attributes and driver detachment, which has been fixed by using synchronize_rcu() to prevent race conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44952"
},
{
"cve": "CVE-2024-44954",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ALSA: line6: vulnerability involved racy access to the midibuf in the ALSA line6 driver, which has been fixed by using a spinlock to prevent concurrent access issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44954"
},
{
"cve": "CVE-2024-44960",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: gadget: core: Check for unset descriptor. It needs to be reassured that the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn\u0027t properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44960"
},
{
"cve": "CVE-2024-44965",
"cwe": {
"id": "CWE-229",
"name": "Improper Handling of Values"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned. This is true on x86_64, but very much not true on i386. These assumptions can cause the end condition to malfunction, leading to a \u0027short\u0027 clone. Guess what happens when the user mapping has a short copy of the entry text? Use the correct increment form for addr to avoid alignment assumptions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44965"
},
{
"cve": "CVE-2024-44969",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "s390/sclp: vulnerability could lead to data corruption if a Store Data operation is interrupted and the halt attempt fails, which was resolved by preventing the release of data buffers in such cases.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44969"
},
{
"cve": "CVE-2024-44971",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "net: dsa: bcm_sf2: vulnerability caused a memory leak by not decrementing the reference count after finding and removing PHY devices, which has been fixed by adding a call to phy_device_free() to balance the reference count.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44971"
},
{
"cve": "CVE-2024-44987",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44987"
},
{
"cve": "CVE-2024-44988",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: dsa: mv88e6xxx: vulnerability caused an out-of-bound access in the mv88e6xxx driver due to an ATU violation causing the SPID to exceed DSA_MAX_PORTS, which was resolved by ensuring the SPID stays within the valid range.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44988"
},
{
"cve": "CVE-2024-44989",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44989"
},
{
"cve": "CVE-2024-44990",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44990"
},
{
"cve": "CVE-2024-44995",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: hns3: a deadlock problem when config TC during resetting.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44995"
},
{
"cve": "CVE-2024-44998",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "atm: idt77252: use after free in dequeue_rx().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44998"
},
{
"cve": "CVE-2024-44999",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "gtp: missing network headers in gtp_dev_xmit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-44999"
},
{
"cve": "CVE-2024-45003",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "vfs: Some filesystems(eg. ext4 with ea_inode feature, ubifs with xattr) may do inode lookup in the inode evicting callback function, if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-45003"
},
{
"cve": "CVE-2024-45006",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "xhci: Panther point NULL pointer deref at full-speed re-enumeration.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-45006"
},
{
"cve": "CVE-2024-45008",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Input: missing limit on max slots results in too large allocation at input_mt_init_slots().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-45008"
},
{
"cve": "CVE-2024-45021",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "memcg_write_event_control(): a user-triggerable oops.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-45021"
},
{
"cve": "CVE-2024-45025",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-45025"
},
{
"cve": "CVE-2024-46673",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "scsi: aacraid: Fix double-free on probe failure. aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aac_init_adapter() fails after allocating memory for aac_dev::queues, it frees the memory but does not clear that member. After the hardware-specific init function returns an error, aac_probe_one() goes down an error path that frees the memory pointed to by aac_dev::queues, resulting in a double-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46673"
},
{
"cve": "CVE-2024-46674",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "usb: dwc3: st: fix probed platform device ref count on probe error path. The probe function never performs any paltform device allocation, thus error path \"undo_platform_dev_alloc\" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46674"
},
{
"cve": "CVE-2024-46675",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: dwc3: core: A vulnerability where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues in Exynos platforms.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46675"
},
{
"cve": "CVE-2024-46676",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfc: pn533: Add poll mod list filling check. In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check \u0027if (!im_protocols \u0026\u0026 !tm_protocols)\u0027 in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev-\u003epoll_mod_count will remain 0 which lead to division by zero.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46676"
},
{
"cve": "CVE-2024-46677",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "gtp: fix NULL pointer dereference. When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46677"
},
{
"cve": "CVE-2024-46679",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46679"
},
{
"cve": "CVE-2024-46685",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "pinctrl: single: fix NULL dereference in pcs_get_function(). pinmux_generic_get_function() can return NULL and the pointer \u0027function\u0027 was dereferenced without checking against NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46685"
},
{
"cve": "CVE-2024-46689",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as \"write\" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46689"
},
{
"cve": "CVE-2024-46702",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "thunderbolt: Mark XDomain as unplugged when router is removed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46702"
},
{
"cve": "CVE-2024-46707",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn\u0027t been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 registers is trapped to EL2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46707"
},
{
"cve": "CVE-2024-46713",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "perf/aux: AUX buffer serialization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46713"
},
{
"cve": "CVE-2024-46714",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e. from returned from the function wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is not the case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46714"
},
{
"cve": "CVE-2024-46719",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46719"
},
{
"cve": "CVE-2024-46721",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "apparmor: fix possible NULL pointer dereference. profile-\u003eparent-\u003edents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and \u0027ent-\u003eold\u0027 is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46721"
},
{
"cve": "CVE-2024-46722",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: vulnerability due to an out-of-bounds read warning when accessing mc_data[i-1].",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46722"
},
{
"cve": "CVE-2024-46723",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: vulnerability due to an out-of-bounds read warning when accessing ucode[].",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46723"
},
{
"cve": "CVE-2024-46724",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: vulnerability in drm/amdgpu that involved an out-of-bounds read of df_v1_7_channel_number.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46724"
},
{
"cve": "CVE-2024-46725",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: vulnerability caused by an out-of-bounds write warning due to an unchecked ring type value.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46725"
},
{
"cve": "CVE-2024-46731",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/pm: vulnerability caused by an out-of-bounds read warning where the index i - 1U can exceed the bounds of the mc_data[] array when i is zero.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46731"
},
{
"cve": "CVE-2024-46737",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nvmet-tcp: kernel crash if commands allocation fails.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46737"
},
{
"cve": "CVE-2024-46738",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "VMCI: use-after-free when removing resource in vmci_resource_remove().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46738"
},
{
"cve": "CVE-2024-46739",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "uio_hv_generic: kernel NULL pointer dereference in hv_uio_rescind.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46739"
},
{
"cve": "CVE-2024-46740",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "binder: UAF caused by offsets overwrite.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46740"
},
{
"cve": "CVE-2024-46743",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46743"
},
{
"cve": "CVE-2024-46744",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46744"
},
{
"cve": "CVE-2024-46745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46745"
},
{
"cve": "CVE-2024-46747",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "HID: cougar: slab-out-of-bounds Read in cougar_report_fixup. Report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before accessing it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46747"
},
{
"cve": "CVE-2024-46750",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46750"
},
{
"cve": "CVE-2024-46755",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id(). mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to NULL pointer dereferences further down the callstack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46755"
},
{
"cve": "CVE-2024-46756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "hwmon: (w83627ehf) underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46756"
},
{
"cve": "CVE-2024-46757",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "hwmon: (nct6775-core) underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46757"
},
{
"cve": "CVE-2024-46758",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "hwmon: (lm95234) underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46758"
},
{
"cve": "CVE-2024-46759",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46759"
},
{
"cve": "CVE-2024-46761",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "pci/hotplug/pnv_php: hotplug driver crash on Powernv.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46761"
},
{
"cve": "CVE-2024-46763",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "fou: null-ptr-deref in GRO.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46763"
},
{
"cve": "CVE-2024-46771",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "can: bcm: Remove proc entry when dev is unregistered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46771"
},
{
"cve": "CVE-2024-46777",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely index bits in a block bitmap.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46777"
},
{
"cve": "CVE-2024-46780",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nilfs2: vulnerability caused by the need for mutual exclusion using nilfs-\u003ens_sem when accessing superblock buffers in sysfs attribute show methods to prevent issues with pointer dereferencing and memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46780"
},
{
"cve": "CVE-2024-46781",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nilfs2: vulnerability involves a use-after-free bug during mount-time recovery, where inodes with recovered data are not freed if an error occurs before the log writer starts, leading to potential memory issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46781"
},
{
"cve": "CVE-2024-46782",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ila: call nf_unregister_net_hooks() use-after-free Read in ila_nf_input.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46783",
"cwe": {
"id": "CWE-229",
"name": "Improper Handling of Values"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46783"
},
{
"cve": "CVE-2024-46791",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46791"
},
{
"cve": "CVE-2024-46798",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ASoC: dapm: vulnerability is an use-after-free bug where snd_pcm_suspend_all() accessed a freed snd_soc_pcm_runtime object during system suspension, detected with KASAN configurations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46798"
},
{
"cve": "CVE-2024-46800",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "sch/netem: use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46800"
},
{
"cve": "CVE-2024-46804",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: Add array index check for hdcp ddc access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46804"
},
{
"cve": "CVE-2024-46814",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: Check msg_id before processing transcation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46814"
},
{
"cve": "CVE-2024-46815",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[].",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46815"
},
{
"cve": "CVE-2024-46817",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46817"
},
{
"cve": "CVE-2024-46818",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: Check gpio_id before used as array index.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46818"
},
{
"cve": "CVE-2024-46819",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don\u0027t print NBIO err data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46819"
},
{
"cve": "CVE-2024-46822",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46822"
},
{
"cve": "CVE-2024-46828",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "sched: sch_cake: fix bulk flow accounting logic for host fairness In sch_cake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when iterating through flows.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46828"
},
{
"cve": "CVE-2024-46829",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "rtmutex: Drop rt_mutex::wait_lock before scheduling. rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the \u0027scheduling in atomic\u0027 warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46829"
},
{
"cve": "CVE-2024-46832",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "MIPS: cevt-r4k: Don\u0027t call get_c0_compare_int if timer irq is installed This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by get_c0_compare_int on secondary CPU. We also skipped saving IRQ number to struct clock_event_device *cd as it\u0027s never used by clockevent core, as per comments it\u0027s only meant for \"non CPU local devices\".",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46832"
},
{
"cve": "CVE-2024-46840",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "btrfs: clean up our handling of refs == 0 in snapshot delete. In reada we BUG_ON(refs == 0), which may be problematic because there is no lock on the extent leave, potentially leading to a transient incorrect answer. In walk_down_proc, BUG_ON(refs == 0) is also used, which could occur due to extent tree corruption. This has been changed to return -EUCLEAN. In do_walk_down() this case is caught and handled correctly, however -EIO is returned, whereas -EUCLEAN would a more appropriate error code. Finally in walk_up_proc, BUG_ON(refs == 0) is also used, it has also been converted to proper error handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46840"
},
{
"cve": "CVE-2024-46844",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "um: line: always fill *error_out in setup_one_line() The pointer isn\u0027t initialized by callers, but I have encountered cases where it\u0027s still printed; initialize it in all possible cases in setup_one_line().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-46844"
},
{
"cve": "CVE-2024-47143",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "dma-debug: possible deadlock on radix_lock. radix_lock() shouldn\u0027t be held while holding dma_hash_entry[idx].lock otherwise, there\u0027s a possible deadlock scenario when dma debug API is called holding rq_lock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47143"
},
{
"cve": "CVE-2024-47659",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "smack: tcp: vulnerability in Smack\u2019s TCP/IPv4 labeling allows packets to be incorrectly labeled, enabling unauthorized data writing from one label to another.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47659"
},
{
"cve": "CVE-2024-47660",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode-\u003ei_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races with __fsnotify_update_child_dentry_flags() calls from __fsnotify_parent() happening on children. This can lead upto softlockup reports reported by users. Fix the problem by calling fsnotify_update_children_dentry_flags() to set PARENT_WATCHED flags only when parent starts watching children. When parent stops watching children, clear false positive PARENT_WATCHED flags lazily in __fsnotify_parent() for each accessed child.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47660"
},
{
"cve": "CVE-2024-47663",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "staging: iio: frequency: ad9834: In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking \u0027if (fout \u003e (clk_freq / 2))\u0027 doesn\u0027t protect in case of \u0027fout\u0027 is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47663"
},
{
"cve": "CVE-2024-47667",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "PCI: keystone: Missing workaround for Errata #i2037 (AM65x SR 1.0).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47667"
},
{
"cve": "CVE-2024-47668",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "lib/generic-radix-tree.c: race in __genradix_ptr_alloc().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47668"
},
{
"cve": "CVE-2024-47669",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nilfs2: state management vulnerability in error path of log writing function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47669"
},
{
"cve": "CVE-2024-47679",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "vfs: race between evice_inodes() and find_inode()\u0026iput().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47679"
},
{
"cve": "CVE-2024-47684",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: check skb is non-NULL in tcp_rto_delta_us()\r\n\r\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\r\nkernel that are running ceph and recently hit a null ptr dereference in\r\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\r\nsaw it getting hit from the RACK case as well. Here are examples of the oops\r\nmessages we saw in each of those cases:\r\n\r\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\r\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\r\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\r\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\r\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\r\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\r\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\r\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\r\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\r\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\r\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\r\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\r\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\r\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\r\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\r\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\r\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\r\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\r\nJul 26 15:05:02 rx [11061395.919488]\r\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\r\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\r\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\r\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\r\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\r\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\r\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\r\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\r\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\r\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\r\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\r\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\r\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\r\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\r\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\r\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\r\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\r\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\r\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\r\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\r\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47684"
},
{
"cve": "CVE-2024-47685",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\r\n\r\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th-\u003eres1)\r\n\r\nUse skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put()\r\n\r\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\r\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\r\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\r\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\r\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\r\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\r\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\r\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\r\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\r\n nf_hook include/linux/netfilter.h:269 [inline]\r\n NF_HOOK include/linux/netfilter.h:312 [inline]\r\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\r\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\r\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\r\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\r\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\r\n napi_poll net/core/dev.c:6841 [inline]\r\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\r\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\r\n __do_softirq+0x14/0x1a kernel/softirq.c:588\r\n do_softirq+0x9a/0x100 kernel/softirq.c:455\r\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\r\n local_bh_enable include/linux/bottom_half.h:33 [inline]\r\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\r\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\r\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\r\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\r\n neigh_output include/net/neighbour.h:542 [inline]\r\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\r\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\r\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\r\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\r\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\r\n dst_output include/net/dst.h:450 [inline]\r\n NF_HOOK include/linux/netfilter.h:314 [inline]\r\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\r\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\r\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\r\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\r\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\r\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\r\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\r\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\r\n __sys_connect_file net/socket.c:2061 [inline]\r\n __sys_connect+0x606/0x690 net/socket.c:2078\r\n __do_sys_connect net/socket.c:2088 [inline]\r\n __se_sys_connect net/socket.c:2085 [inline]\r\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\r\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was stored to memory at:\r\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\r\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\r\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\r\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\r\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\r\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\r\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\r\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\r\n nf_hook include/linux/netfilter.h:269 [inline]\r\n NF_HOOK include/linux/netfilter.h:312 [inline]\r\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\r\n __netif_receive_skb_one_core\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47685"
},
{
"cve": "CVE-2024-47692",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfsd: return -EINVAL when namelen is 0\r\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR.\r\nWhen we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered.\r\n\r\n[ T1205] ==================================================================\r\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\r\n[ T1205]\r\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\r\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\r\n[ T1205] Call Trace:\r\n[ T1205] dump_stack+0x9a/0xd0\r\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] __kasan_report.cold+0x34/0x84\r\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] kasan_report+0x3a/0x50\r\n[ T1205] nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] ? nfsd4_release_lockowner+0x410/0x410\r\n[ T1205] cld_pipe_downcall+0x5ca/0x760\r\n[ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\r\n[ T1205] ? down_write_killable_nested+0x170/0x170\r\n[ T1205] ? avc_policy_seqno+0x28/0x40\r\n[ T1205] ? selinux_file_permission+0x1b4/0x1e0\r\n[ T1205] rpc_pipe_write+0x84/0xb0\r\n[ T1205] vfs_write+0x143/0x520\r\n[ T1205] ksys_write+0xc9/0x170\r\n[ T1205] ? __ia32_sys_read+0x50/0x50\r\n[ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110\r\n[ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110\r\n[ T1205] do_syscall_64+0x33/0x40\r\n[ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1\r\n[ T1205] RIP: 0033:0x7fdbdb761bc7\r\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 514\r\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\r\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\r\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\r\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\r\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\r\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\r\n[ T1205] ==================================================================",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47692"
},
{
"cve": "CVE-2024-47696",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\r\n\r\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to destroying CM IDs\"), the function flush_workqueue is invoked to flush the work queue iwcm_wq.\r\n\r\nBut at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\r\n\r\nBecause the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn\u0027t have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47696"
},
{
"cve": "CVE-2024-47697",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\r\n\r\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent out-of-bounds access.\r\n\r\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should only operate on indices from 0 to 31. If index is 32, it will attempt to access a non-existent 33rd bit, leading to out-of-bounds access.\r\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47697"
},
{
"cve": "CVE-2024-47698",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drivers: media: dvb-frontends/rtl2832: An out-of-bounds access occurs if rtl2832_pid_filter exceed 31, which was not verified.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47698"
},
{
"cve": "CVE-2024-47699",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\r\n\r\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\r\n\r\nThis series addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem images, including one recently discovered by syzbot.\r\n\r\n\r\nThis patch (of 3):\r\n\r\nIf a b-tree is broken on the device, and the b-tree height is greater than 2 (the level of the root node is greater than 1) even if the number of child nodes of the b-tree root is 0, a NULL pointer dereference occurs in nilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\r\n\r\nThis is because, when the number of child nodes of the b-tree root is 0, nilfs_btree_do_lookup() does not set the block buffer head in any of path[x].bp_bh, leaving it as the initial value of NULL, but if the level of the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(), which accesses the buffer memory of path[x].bp_bh, is called.\r\n\r\nFix this issue by adding a check to nilfs_btree_root_broken(), which performs sanity checks when reading the root node from the device, to detect this inconsistency.\r\n\r\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause early on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47699"
},
{
"cve": "CVE-2024-47701",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47705",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock: fix potential invalid pointer dereference in blk_add_partition\r\n\r\nThe blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific case of -ENXIO separately, allowing the function to proceed without logging the error in this case. However, this change unintentionally left a path where md_autodetect_dev() could be called without confirming that part is a valid pointer.\r\n\r\nThis commit separates the error handling logic by splitting the initial if-condition, improving code readability and handling specific error scenarios explicitly. The function now distinguishes the general error case from -ENXIO without altering the existing behavior of md_autodetect_dev() calls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47705"
},
{
"cve": "CVE-2024-47706",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock, bfq: fix possible UAF for bfqq-\u003ebic with merge chain\r\n\r\nIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then\r\nget bfqq3 through merge chain, and finially handle IO by bfqq3.\r\nHowerver, current code will think bfqq2 is owned by BIC1, like initial\r\nstate, and set bfqq2-\u003ebic to BIC1.\r\n\r\nAllocated by task 20776:\r\n kasan_save_stack+0x20/0x40 mm/kasan/common.c:45\r\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\r\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\r\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\r\n slab_post_alloc_hook mm/slab.h:763 [inline]\r\n slab_alloc_node mm/slub.c:3458 [inline]\r\n kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503\r\n ioc_create_icq block/blk-ioc.c:370 [inline]\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47706"
},
{
"cve": "CVE-2024-47709",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "can: bcm: A warning is triggered when connect() is issued again for a socket whose connect()ed device has been unregistered. However, if the socket is just close()d without the 2nd connect(), the remaining bo-\u003ebcm_proc_read triggers unnecessary remove_proc_entry() in bcm_release().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47709"
},
{
"cve": "CVE-2024-47710",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "sock_map: vulnerability result of adding a cond_resched() in sock_hash_free() to prevent CPU soft lockups when destroying maps with a large number of buckets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47710"
},
{
"cve": "CVE-2024-47712",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "wifi: wilc1000: vulnerability caused by a potential RCU dereference issue in wilc_parse_join_bss_param by storing the TSF value in a local variable before releasing the RCU lock to prevent use-after-free errors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47712"
},
{
"cve": "CVE-2024-47713",
"cwe": {
"id": "CWE-664",
"name": "Improper Control of a Resource Through its Lifetime"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: vulnerability caused by implementing a two-phase skb reclamation in ieee80211_do_stop() to avoid warnings and potential issues caused by calling __dev_queue_xmit() with interrupts disabled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47713"
},
{
"cve": "CVE-2024-47718",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "wifi: rtw88: vulnerability may lead to a use-after-free (UAF) error if firmware loading is not properly synchronized during USB initialization and disconnection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47718"
},
{
"cve": "CVE-2024-47723",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix out-of-bounds in dbNextAG() and diAlloc()\r\n\r\nIn dbNextAG() , there is no check for the case where bmp-\u003edb_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount().\r\n\r\nAnd in dbNextAG(), a check for the case where agpref is greater than bmp-\u003edb_numag should be added, so an out-of-bounds exception should be prevented.\r\n\r\nAdditionally, a check for the case where agno is greater or same than MAXAG should be added in diAlloc() to prevent out-of-bounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47723"
},
{
"cve": "CVE-2024-47735",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "RDMA/hns: missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was hold.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47735"
},
{
"cve": "CVE-2024-47737",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47737"
},
{
"cve": "CVE-2024-47739",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "padata: missing integer wrap around can cause deadlock on seq_nr overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47739"
},
{
"cve": "CVE-2024-47740",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Inf2fs: Require FMODE_WRITE for atomic write ioctls. The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller\u0027s FSUID matches the inode\u0027s UID, inode_owner_or_capable() immediately returns true.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47740"
},
{
"cve": "CVE-2024-47742",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple codepaths in the kernel where firmware file names contain string components that are passed through from a device or semi-privileged userspace.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47742"
},
{
"cve": "CVE-2024-47747",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition. In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is started, there is a risk of a race condition if the module or device is removed, triggering the ether3_remove function to perform cleanup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47747"
},
{
"cve": "CVE-2024-47748",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "vhost_vdpa: assign irq bypass producer token correctly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47748"
},
{
"cve": "CVE-2024-47749",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "RDMA/cxgb4: Added NULL check for lookup_atid. The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to dereferencing a null pointer without a check in the `act_establish()` and `act_open_rpl()` functions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47749"
},
{
"cve": "CVE-2024-47756",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "PCI: keystone: Fix if-statement expression in ks_pcie_quirk(). This code accidentally uses \u0026\u0026 where || was intended. It potentially results in a NULL dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47756"
},
{
"cve": "CVE-2024-47757",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "nilfs2: potential oob read in nilfs_btree_check_delete(). The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-47757"
},
{
"cve": "CVE-2024-48881",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-48881"
},
{
"cve": "CVE-2024-49851",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49851"
},
{
"cve": "CVE-2024-49858",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service is cached in memory, and passed on to the OS using an EFI configuration table. The use of EFI_LOADER_DATA here results in the region being left unreserved in the E820 memory map constructed by the EFI stub, and this is the memory description that is passed on to the incoming kernel by kexec, which is therefore unaware that the region should be reserved. Even though the utility of the TPM2 event log after a kexec is questionable, any corruption might send the parsing code off into the weeds and crash the kernel.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49858"
},
{
"cve": "CVE-2024-49860",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "CPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49860"
},
{
"cve": "CVE-2024-49863",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "vhost/scsi: null-ptr-dereference in vhost_scsi_get_req().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49863"
},
{
"cve": "CVE-2024-49867",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49867"
},
{
"cve": "CVE-2024-49868",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "btrfs: a NULL pointer dereference when failed to start a new trasacntion.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49868"
},
{
"cve": "CVE-2024-49875",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfsd: map the EBADMSG to nfserr_io to avoid warning Ext4 will throw -EBADMSG through ext4_readdir when a checksum error occurs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49875"
},
{
"cve": "CVE-2024-49877",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: When doing cleanup, if flags do not have OCFS2_BH_READAHEAD set, it may trigger NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if bh is NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49877"
},
{
"cve": "CVE-2024-49878",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "resource: Because drivers/dax/kmem.c calls add_memory_driver_managed() during onlining CXL memory, which makes \"System RAM (kmem)\" a descendant of \"CXL Window X\". This confuses region_intersects(), which expects all \"System RAM\" resources to be at the top level of iomem_resource.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49878"
},
{
"cve": "CVE-2024-49879",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm: omapdrm: alloc_ordered_workqueue may return NULL pointer and cause NULL pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49879"
},
{
"cve": "CVE-2024-49881",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49881"
},
{
"cve": "CVE-2024-49882",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ext4: In ext4_ext_try_to_merge_up(), path[1].p_bh should be set to NULL after it has been released, otherwise it may be released twice.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49882"
},
{
"cve": "CVE-2024-49883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ext4: In ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), the stale path will be used and cause use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49883"
},
{
"cve": "CVE-2024-49884",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49889",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: avoid use-after-free in ext4_ext_show_leaf()\r\n\r\nIn ext4_find_extent(), path may be freed by error or be reallocated, so\r\nusing a previously saved *ppath may have been freed and thus may trigger\r\nuse-after-free, as follows:\r\n\r\next4_split_extent\r\n path = *ppath;\r\n ext4_split_extent_at(ppath)\r\n path = ext4_find_extent(ppath)\r\n ext4_split_extent_at(ppath)\r\n // ext4_find_extent fails to free path\r\n // but zeroout succeeds\r\n ext4_ext_show_leaf(inode, path)\r\n eh = path[depth].p_hdr\r\n // path use-after-free !!!\r\n\r\nSimilar to ext4_split_extent_at(), we use *ppath directly as an input to\r\next4_ext_show_leaf(). Fix a spelling error by the way.\r\n\r\nSame problem in ext4_ext_handle_unwritten_extents(). Since \u0027path\u0027 is only\r\nused in ext4_ext_show_leaf(), remove \u0027path\u0027 and use *ppath directly.\r\n\r\nThis issue is triggered only when EXT_DEBUG is defined and therefore does\r\nnot affect functionality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49889"
},
{
"cve": "CVE-2024-49890",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/pm: ensure the fw_info is not null before using it\r\n\r\nThis resolves the dereference null return value warning reported by Coverity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49890"
},
{
"cve": "CVE-2024-49892",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Initialize get_bytes_per_element\u0027s default to 1\r\n\r\nVariables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y \u0026 bytes_per_element_c are initialized by get_bytes_per_element() which should never return 0.\r\n\r\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49892"
},
{
"cve": "CVE-2024-49894",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\r\n\r\nFixes index out of bounds issue in\r\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\r\ncould occur when the index \u0027i\u0027 exceeds the number of transfer function\r\npoints (TRANSFER_FUNC_POINTS).\r\n\r\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\r\ntransfer function points. If \u0027i\u0027 is out of bounds the function returns\r\nfalse to indicate an error.\r\n\r\nReported by smatch:\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49894"
},
{
"cve": "CVE-2024-49895",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: vulnerability caused by adding a check to ensure the index \u0027i\u0027 is within bounds before accessing transfer function points in cm_helper_translate_curve_to_degamma_hw_format, preventing buffer overflow errors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49895"
},
{
"cve": "CVE-2024-49896",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: vulnerability caused by adding a null check for the stream before dereferencing it in dc_is_stream_unchanged to prevent null pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49896"
},
{
"cve": "CVE-2024-49900",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: Fix uninit-value access of new_ea in ea_buffer\r\n\r\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\r\n\r\n=====================================================\r\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\r\n\r\n...\r\n\r\nUninit was stored to memory at:\r\n ea_put fs/jfs/xattr.c:639 [inline]\r\n\r\n...\r\n\r\nLocal variable ea_buf created at:\r\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\r\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\r\n\r\n=====================================================\r\n\r\nThe reason is ea_buf-\u003enew_ea is not initialized properly.\r\n\r\nFix this by using memset to empty its content at the beginning\r\nin ea_get().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49900"
},
{
"cve": "CVE-2024-49901",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/msm/adreno: vulnerability caused by assigning msm_gpu-\u003epdev earlier in the initialization process to prevent null pointer dereferences in msm_gpu_cleanup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49901"
},
{
"cve": "CVE-2024-49902",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "jfs: vulnerability caused by assigning msm_gpu-\u003epdev earlier in the initialization process to prevent null pointer dereferences in msm_gpu_cleanup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49902"
},
{
"cve": "CVE-2024-49903",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: Fix uaf in dbFreeBits\r\n\r\n[syzbot reported]\r\n==================================================================\r\nBUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]\r\nBUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\r\nRead of size 8 at addr ffff8880229254b0 by task syz-executor357/5216\r\n\r\nCPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\r\nCall Trace:\r\n \u003cTASK\u003e\r\n __dump_stack lib/dump_stack.c:93 [inline]\r\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\r\n print_address_description mm/kasan/report.c:377 [inline]\r\n print_report+0x169/0x550 mm/kasan/report.c:488\r\n kasan_report+0x143/0x180 mm/kasan/report.c:601\r\n __mutex_lock_common kernel/locking/mutex.c:587 [inline]\r\n __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\r\n dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390\r\n dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]\r\n dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409\r\n dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650\r\n jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100\r\n jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131\r\n vfs_ioctl fs/ioctl.c:51 [inline]\r\n __do_sys_ioctl fs/ioctl.c:907 [inline]\r\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\r\n\r\nFreed by task 5218:\r\n kasan_save_stack mm/kasan/common.c:47 [inline]\r\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\r\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\r\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\r\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\r\n kasan_slab_free include/linux/kasan.h:184 [inline]\r\n slab_free_hook mm/slub.c:2252 [inline]\r\n slab_free mm/slub.c:4473 [inline]\r\n kfree+0x149/0x360 mm/slub.c:4594\r\n dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278\r\n jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247\r\n jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454\r\n reconfigure_super+0x445/0x880 fs/super.c:1083\r\n vfs_cmd_reconfigure fs/fsopen.c:263 [inline]\r\n vfs_fsconfig_locked fs/fsopen.c:292 [inline]\r\n __do_sys_fsconfig fs/fsopen.c:473 [inline]\r\n __se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\n[Analysis]\r\nThere are two paths (dbUnmount and jfs_ioc_trim) that generate race condition when accessing bmap, which leads to the occurrence of uaf.\r\n\r\nUse the lock s_umount to synchronize them, in order to avoid uaf caused by race condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49903"
},
{
"cve": "CVE-2024-49907",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: missing null pointer check before using dc-\u003eclk_mgr.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49907"
},
{
"cve": "CVE-2024-49913",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: missing null check for top_pipe_to_program in commit_planes_for_stream.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49913"
},
{
"cve": "CVE-2024-49924",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "fbdev: pxafb:use after free in pxafb_task(). In the pxafb_probe function, it calls the pxafb_init_fbinfo function, after which \u0026fbi-\u003etask is associated with pxafb_task. Moreover, within this pxafb_init_fbinfo function, the pxafb_blank function within the \u0026pxafb_ops struct is capable of scheduling work. If we remove the module which will call pxafb_remove to make cleanup, it will call unregister_framebuffer function which can call do_unregister_framebuffer to free fbi-\u003efb through put_fb_info(fb_info), while the work mentioned above will be used.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49930",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "wifi: ath11k: fix array out-of-bound access in SoC stats. Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function access ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49930"
},
{
"cve": "CVE-2024-49933",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "blk_iocost: fix more out of bound shifts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49933"
},
{
"cve": "CVE-2024-49936",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "net/xen-netback: prevent UAF in xenvif_flush_hash(). During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head-\u003enext after the entry becomes free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49936"
},
{
"cve": "CVE-2024-49938",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\r\n\r\nSyzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch to calling __skb_set_length(skb, 0) directly. In addition, __skb_set_length() already contains a call to skb_reset_tail_pointer(), so remove the redundant call.\r\n\r\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there\u0027s a similar usage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we\u0027re at it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49938"
},
{
"cve": "CVE-2024-49944",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start. In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)-\u003ereuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)-\u003ebind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49944"
},
{
"cve": "CVE-2024-49948",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49948"
},
{
"cve": "CVE-2024-49949",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49949"
},
{
"cve": "CVE-2024-49952",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49952"
},
{
"cve": "CVE-2024-49955",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nACPI: battery: Fix possible crash when unregistering a battery hook\r\n\r\nWhen a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered.\r\nHowever the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash.\r\n\r\nFix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49955"
},
{
"cve": "CVE-2024-49957",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: null-ptr-deref when journal load failed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49957"
},
{
"cve": "CVE-2024-49958",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: reserve space for inline xattr before attaching reflink tree.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49958"
},
{
"cve": "CVE-2024-49959",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail() to recover some journal space.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49959"
},
{
"cve": "CVE-2024-49962",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49962"
},
{
"cve": "CVE-2024-49963",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mailbox: bcm2835: timeout during suspend mode.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49963"
},
{
"cve": "CVE-2024-49965",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: remove unreasonable unlock in ocfs2_read_blocks Patch series \"Misc fixes for ocfs2_read_blocks\", v5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49965"
},
{
"cve": "CVE-2024-49966",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49966"
},
{
"cve": "CVE-2024-49967",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ext4: no need to continue when the number of entries is 1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49967"
},
{
"cve": "CVE-2024-49969",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: index out of bounds in DCN30 color transformation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49969"
},
{
"cve": "CVE-2024-49971",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: dml2_core_shared_mode_support and dml_core_mode_support access the third element of dummy_boolean, for example: hw_debug5 = \u0026s-\u003edummy_boolean. Any assignment to hw_debug5 would cause an OVERRUN.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49971"
},
{
"cve": "CVE-2024-49973",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "r8169: RTL8125 added fields to the tally counter, this change could cause the chip to perform Direct Memory Access on these new fields, potentially writing to unallocated memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49973"
},
{
"cve": "CVE-2024-49975",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "uprobes: vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ permission. Additionally setting VM_EXEC produces the same page protection attributes (pgprot_t) as setting both VM_EXEC and VM_READ. Nevertheless, the debugger can read this memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49975"
},
{
"cve": "CVE-2024-49977",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: stmmac: port_transmit_rate_kbps could be set to a value of 0, which is then passed to the \"div_s64\" function when tc-cbs is disabled. This leads to a zero-division error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49977"
},
{
"cve": "CVE-2024-49981",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: venus: A race condition may trigger a use after free vulnerability in venus_remove.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49981"
},
{
"cve": "CVE-2024-49982",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 (\"aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb-\u003edev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb-\u003edev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49982"
},
{
"cve": "CVE-2024-49983",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ext4: When calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(), the \u0027ppath\u0027 is updated but it is the \u0027path\u0027 that is freed, thus potentially triggering a double-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49983"
},
{
"cve": "CVE-2024-49985",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "i2c: stm32f7: In case there is any sort of clock controller attached to the I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transfer triggered from the clock controller clk_ops .prepare callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49985"
},
{
"cve": "CVE-2024-49993",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "iommu/vt-d: vulnerability may cause a soft lockup if qi_submit_sync() is called with zero invalidation descriptors, as the completion of invalidation_wait may not be detected, leading to an indefinite wait.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49993"
},
{
"cve": "CVE-2024-49995",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tipc: vulnerability due to a potential buffer overrun when copying media_name and if_name to name_parts, which may be prevented by using strscpy() to avoid overwriting the destination buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49995"
},
{
"cve": "CVE-2024-49997",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. This driver does not support statistics in the old 32-bit format or the new 64-bit format. These will be added in the future. In its current form, the patch should be easily backported to stable versions. Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets in hardware, so software padding must be applied.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-49997"
},
{
"cve": "CVE-2024-50001",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/mlx5: Fix error path in multi-packet WQE transmit\r\n\r\nRemove the erroneous unmap in case no DMA mapping was established\r\n\r\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under memory pressure, when the IOMMU driver just can\u0027t allocate more memory for page tables. While the code tries to handle this in the path below the err_unmap label it erroneously unmaps one entry from the sq\u0027s FIFO list of active mappings. Since the current map attempt failed this unmap is removing some random DMA mapping that might still be required. If the PCI function now presents that IOVA, the IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI function in error state.\r\n\r\nThe erroneous behavior was seen in a stress-test environment that created memory pressure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50001"
},
{
"cve": "CVE-2024-50006",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50006"
},
{
"cve": "CVE-2024-50007",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ALSA: asihpi: potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50007"
},
{
"cve": "CVE-2024-50008",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "wifi: mwifiex: memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50008"
},
{
"cve": "CVE-2024-50013",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "exfat: memory leak in exfat_load_bitmap() If the first directory entry in the root directory is not a bitmap directory entry, \u0027bh\u0027 will not be released and reassigned, which will cause a memory leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50013"
},
{
"cve": "CVE-2024-50015",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "ext4: dax: Overflowing extents beyond inode size when partially writing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50015"
},
{
"cve": "CVE-2024-50024",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: unsafe loop on the list.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50024"
},
{
"cve": "CVE-2024-50033",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nslip: make slhc_remember() more robust against malicious packets\r\n\r\nsyzbot found that slhc_remember() was missing checks against\r\nmalicious packets [1].\r\n\r\nslhc_remember() only checked the size of the packet was at least 20,\r\nwhich is not good enough.\r\n\r\nWe need to make sure the packet includes the IPv4 and TCP header\r\nthat are supposed to be carried.\r\n\r\nAdd iph and th pointers to make the code more readable.\r\n\r\n[1]\r\n\r\nBUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\r\n slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\r\n ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455\r\n ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]\r\n ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212\r\n ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327\r\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\r\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\r\n __release_sock+0x1da/0x330 net/core/sock.c:3072\r\n release_sock+0x6b/0x250 net/core/sock.c:3626\r\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was created at:\r\n slab_post_alloc_hook mm/slub.c:4091 [inline]\r\n slab_alloc_node mm/slub.c:4134 [inline]\r\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\r\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\r\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\r\n alloc_skb include/linux/skbuff.h:1322 [inline]\r\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\r\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50033"
},
{
"cve": "CVE-2024-50035",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nppp: fix ppp_async_encode() illegal access\r\n\r\nsyzbot reported an issue in ppp_async_encode() [1]\r\n\r\nIn this case, pppoe_sendmsg() is called with a zero size.\r\nThen ppp_async_encode() is called with an empty skb.\r\n\r\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\r\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\r\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\r\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\r\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\r\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\r\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\r\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\r\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\r\n __release_sock+0x1da/0x330 net/core/sock.c:3072\r\n release_sock+0x6b/0x250 net/core/sock.c:3626\r\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was created at:\r\n slab_post_alloc_hook mm/slub.c:4092 [inline]\r\n slab_alloc_node mm/slub.c:4135 [inline]\r\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\r\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\r\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\r\n alloc_skb include/linux/skbuff.h:1322 [inline]\r\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\r\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50035"
},
{
"cve": "CVE-2024-50039",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: accept TCA_STAB only for root qdisc\r\n\r\nMost qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers.\r\n\r\nUnfortunately syzbot can crash a host rather easily using a TBF + SFQ combination, with an STAB on SFQ [1]\r\n\r\nWe can\u0027t support TCA_STAB on arbitrary level, this would require to maintain per-qdisc storage.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50039"
},
{
"cve": "CVE-2024-50040",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50040"
},
{
"cve": "CVE-2024-50044",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change\r\n\r\nrfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50044"
},
{
"cve": "CVE-2024-50045",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50045"
},
{
"cve": "CVE-2024-50046",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\r\n\r\nOn the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server.\r\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50046"
},
{
"cve": "CVE-2024-50049",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: null pointer before dereferencing se.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50049"
},
{
"cve": "CVE-2024-50051",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "spi: mpc52xx: Add cancel_work_sync before module remove. If the module which will call mpc52xx_spi_remove is removed, it will free \u0027ms\u0027 through spi_unregister_controller. while the work ms-\u003ework will be used. The sequence of operations that may lead to a UAF bug.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50051"
},
{
"cve": "CVE-2024-50059",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ntb: ntb_hw_switchtec: use after free vulnerability in switchtec_ntb_remove due to race condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50059"
},
{
"cve": "CVE-2024-50074",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "parport: The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size, not the actually output size, the length calculation can still go over the given limit.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50074"
},
{
"cve": "CVE-2024-50082",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "blk-rq-qos: vulnerability in blk-rq-qos can cause a crash due to a race condition between rq_qos_wait and rq_qos_wake_function, which is fixed by ensuring the waitqueue entry is accessed in the correct order.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50082"
},
{
"cve": "CVE-2024-50083",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tcp: vulnerability in may cause DSS corruption due to large PMTU transmissions, which is fixed by addressing the issue in the __mptcp_move_skbs_from_subflow function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50083"
},
{
"cve": "CVE-2024-50089",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "unicode: problematic ignorable code points.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50089"
},
{
"cve": "CVE-2024-50095",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/mad: Improve handling of timed out WRs of mad agent\r\n\r\nCurrent timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be handled inside timeout handler.\r\n\r\nThis leads to softlockup with below trace in some use cases where rdma-cm path is used to establish connection between peer nodes\r\n\r\n\r\nSimplified timeout handler by creating local list of timed out WRs and invoke send handler post creating the list. The new method acquires/releases lock once to fetch the list and hence helps to reduce locking contetiong when processing higher no. of WRs",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50095"
},
{
"cve": "CVE-2024-50096",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nouveau/dmem: vulnerability in migrate_to_ram upon copy error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50096"
},
{
"cve": "CVE-2024-50099",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "arm64: probes: Broken LDR (literal) uprobe support.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50099"
},
{
"cve": "CVE-2024-50179",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ceph: incorrect Fw reference check when dirtying pages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50179"
},
{
"cve": "CVE-2024-50180",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "fbdev: sisfb: Fix strbuf array overflow. The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, \"%ux%ux8\", xres, yres); more than 16 bytes will be written to strbuf.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50180"
},
{
"cve": "CVE-2024-50181",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D. For i.MX7D DRAM related mux clock, the clock source change should ONLY be done done in low level asm code without accessing DRAM, and then calling clk API to sync the HW clock status with clk tree, it should never touch real clock source switch via clk API, so CLK_SET_PARENT_GATE flag should NOT be added, otherwise, DRAM\u0027s clock parent will be disabled when DRAM is active, and system will hang.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50181"
},
{
"cve": "CVE-2024-50184",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "virtio_pmem: Check device status before requesting flush. If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system to hang.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50184"
},
{
"cve": "CVE-2024-50185",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "linux: mptcp: handle consistently DSS corruption. Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "net: phy: dp83869: fix memory corruption when enabling fiber. When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 \u0026lt;\u0026lt; 10) rather than a bit number (10). This corrupts some other memory location -- in case of arm64 the priv pointer in the same structure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50188"
},
{
"cve": "CVE-2024-50193",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "x86/entry_32: Clear CPU buffers after register restore in NMI return CPU buffers are currently cleared after call to exc_nmi, but before register state is restored. This may be okay for MDS mitigation but not for RDFS. Because RDFS mitigation requires CPU buffers to be cleared when registers don\u0027t have any sensitive data. Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50193"
},
{
"cve": "CVE-2024-50194",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "arm64: probes: Fix uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels as it doesn\u0027t convert the in-memory instruction encoding (which is always little-endian) into the kernel\u0027s native endianness before analyzing and simulating instructions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50194"
},
{
"cve": "CVE-2024-50195",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "posix-clock: Fix missing timespec64 check in pc_clock_settime().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50195"
},
{
"cve": "CVE-2024-50198",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "iio: light: veml6030: fix IIO device retrieval from embedded device. The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c client. dev_to_iio_dev() must be used to accessthe right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indio_dev gets a NULL assignment.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50198"
},
{
"cve": "CVE-2024-50199",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mm/swapfile: skip HugeTLB pages for unuse_vma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50199"
},
{
"cve": "CVE-2024-50201",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "linux: drm/radeon: encoder-\u003epossible_clones. In the past nothing validated that drivers were populating possible_clones correctly, which resulted in some warnings during driver initialization.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50201"
},
{
"cve": "CVE-2024-50202",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nilfs2: propagate directory read errors from nilfs_find_entry(). A task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50202"
},
{
"cve": "CVE-2024-50218",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50218"
},
{
"cve": "CVE-2024-50234",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "summary",
"text": "wifi: iwlegacy: vulnerability due to stale interrupts not being cleared before resuming the iwl4965 device from hibernation, causing a race condition between the resume process and restart work.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50234"
},
{
"cve": "CVE-2024-50236",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: ath10k: Fix memory leak in management tx In the current logic, memory is allocated for storing the MSDU context during management packet TX but this memory is not being freed during management TX completion. Similar leaks are seen in the management TX cleanup logic.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50236"
},
{
"cve": "CVE-2024-50237",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Avoid potentially crashing in the driver because of uninitialized private data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50237"
},
{
"cve": "CVE-2024-50251",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50262",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50262"
},
{
"cve": "CVE-2024-50264",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "vsock/virtio: Initialization of the dangling pointer occurring in vsk-\u003etrans. During loopback communication, a dangling pointer can be created in vsk-\u003etrans, potentially leading to a Use-After-Free condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50264"
},
{
"cve": "CVE-2024-50265",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50265"
},
{
"cve": "CVE-2024-50267",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "USB: serial: io_edgeport: fix use after free in debug printk The \"dev_dbg(\u0026urb-\u003edev-\u003edev, ...\" which happens after usb_free_urb(urb) is a use after free of the \"urb\" pointer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50267"
},
{
"cve": "CVE-2024-50268",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd(). The \"*cmd\" variable can be controlled by the user via debugfs. That means \"new_cam\" can be as high as 255 while the size of the uc-\u003eupdated[] array is UCSI_MAX_ALTMODES (30). The call tree is: ucsi_cmd() // val comes from simple_attr_write_xsigned() -\u003e ucsi_send_command() -\u003e ucsi_send_command_common() -\u003e ucsi_run_command() // calls ucsi-\u003eops-\u003esync_control() -\u003e ucsi_ccg_sync_control().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50268"
},
{
"cve": "CVE-2024-50269",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "usb: musb: sunxi: accessing an released usb phy will cause that usb phy @glue-\u003exceiv is accessed after released.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50269"
},
{
"cve": "CVE-2024-50273",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "btrfs: reinitialize delayed ref list after deleting it from the list. At insert_delayed_ref() if there is a need to update the action of an existing ref to BTRFS_DROP_DELAYED_REF, the ref from its ref head\u0027s ref_add_list is deleted using list_del(), which leaves the ref\u0027s add_list member not reinitialized, as list_del() sets the next and prev members of the list to LIST_POISON1 and LIST_POISON2, respectively.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50273"
},
{
"cve": "CVE-2024-50278",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "dm cache: potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50278"
},
{
"cve": "CVE-2024-50279",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "dm cache: out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50279"
},
{
"cve": "CVE-2024-50282",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50282"
},
{
"cve": "CVE-2024-50287",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line() blindly rescales the buffer even when scaled_witdh is equal to zero.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50287"
},
{
"cve": "CVE-2024-50290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50292",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ASoC: stm32: spdifrx: dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50292"
},
{
"cve": "CVE-2024-50295",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: arc: A warning is shown because ndev-\u003edev and pdev-\u003edev are not the same device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50295"
},
{
"cve": "CVE-2024-50296",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "hns3: A kernel crash may occur when the driver is uninstalled and the VF is disabled concurrently.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50296"
},
{
"cve": "CVE-2024-50299",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50299"
},
{
"cve": "CVE-2024-50301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-50302",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let\u0027s zero-initialize it during allocation to make sure that it can\u0027t be ever used to leak kernel memory via specially-crafted report.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-50304",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv4: ip_tunnel: Suspicious RCU usage warning in ip_tunnel_find().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-50602",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-52332",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-52332"
},
{
"cve": "CVE-2024-53052",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "io_uring/rw: vulnerability due to io_uring not checking for IOCB_NOWAIT when starting an O_DIRECT write, leading to potential deadlocks if the mount point is being frozen.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53052"
},
{
"cve": "CVE-2024-53057",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53059",
"cwe": {
"id": "CWE-460",
"name": "Improper Cleanup on Thrown Exception"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()\r\n\r\n1. The size of the response packet is not validated.\r\n2. The response buffer is not freed.\r\n\r\nResolve these issues by switching to iwl_mvm_send_cmd_status(), which handles both size validation and frees the buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53059"
},
{
"cve": "CVE-2024-53060",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: vulnerability due to a potential NULL pointer dereference in drm/amdgpu if acpi_evaluate_object() returns AE_NOT_FOUND, which is mitigated by bailing out when this status is encountered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53060"
},
{
"cve": "CVE-2024-53061",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "media: s5p-jpeg: vulnerability due to the possibility of buffer overflows when the variable word is less than 2, which is prevented by adding extra checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53061"
},
{
"cve": "CVE-2024-53063",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: dvbdev: risk of out of memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53066",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfs: KMSAN warning in decode_getfattr_attrs().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53066"
},
{
"cve": "CVE-2024-53097",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mm: krealloc: MTE false alarm in __do_krealloc.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53097"
},
{
"cve": "CVE-2024-53101",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr-\u003eia_mode, attr-\u003eia_uid and attr-\u003eia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren\u0027t set. Initialize all fields of newattrs to avoid uninitialized variables, by checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53101"
},
{
"cve": "CVE-2024-53103",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "hv_sock: Initializing vsk-\u003etrans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-\u003etrans may not be initialized to NULL, which could lead to a dangling pointer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53103"
},
{
"cve": "CVE-2024-53104",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53104"
},
{
"cve": "CVE-2024-53145",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "um: potential integer overflow during physmem setup. This vulnerability happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53145"
},
{
"cve": "CVE-2024-53146",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSD: Prevent a potential integer overflow If the tag length is \u003e= U32_MAX - 3 then the \"length + 4\" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53146"
},
{
"cve": "CVE-2024-53148",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53148"
},
{
"cve": "CVE-2024-53150",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "ALSA: usb-audio: out of bounds reads when finding clock sources The current USB-audio driver code doesn\u0027t check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it\u0027s skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53150"
},
{
"cve": "CVE-2024-53155",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: uninitialized value in ocfs2_file_read_iter().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53155"
},
{
"cve": "CVE-2024-53156",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53156"
},
{
"cve": "CVE-2024-53157",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53157"
},
{
"cve": "CVE-2024-53158",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "soc: qcom: geni-se: array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn\u0027t make sense on the first iteration through the loop. It leads to reading before the start of these-\u003eclk_perf_tbl[] array.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53158"
},
{
"cve": "CVE-2024-53161",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "EDAC/bluefield: potential integer overflow The 64-bit argument for the \"get DIMM info\" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53161"
},
{
"cve": "CVE-2024-53165",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let\u0027s only add it to the list after everything has succeeded.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53165"
},
{
"cve": "CVE-2024-53171",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ubifs: authentication: After an insertion in TNC, the tree might split and cause a node to change its `znode-\u003eparent`. A further deletion of other nodes in the tree (which also could free the nodes), the aforementioned node\u0027s `znode-\u003ecparent` could still point to a freed node. This `znode-\u003ecparent` may not be updated when getting nodes to commit in `ubifs_tnc_start_commit()`. This could then trigger a use-after-free when accessing the `znode-\u003ecparent` in `write_index()` in `ubifs_tnc_end_commit()`.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53171"
},
{
"cve": "CVE-2024-53172",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ubi: fastmap: The duplicate slab cache names can be detected and a kernel WARNING is thrown out.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53172"
},
{
"cve": "CVE-2024-53173",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSv4.0: When two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53174",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "SUNRPC: The function `c_show` was called with protection from RCU. This only ensures that `cp` will not be freed. Therefore, the reference count for `cp` can drop to zero, which will trigger a refcount use-after-free warning when `cache_get` is called.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53174"
},
{
"cve": "CVE-2024-53181",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "um: vector: The drvdata is not available in release",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53181"
},
{
"cve": "CVE-2024-53183",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "um: net: The drvdata is not available in release.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53183"
},
{
"cve": "CVE-2024-53184",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "um: ubd: The drvdata is not available in release.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53184"
},
{
"cve": "CVE-2024-53194",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "PCI: vulnerability causes a use-after-free error during hot removal of a USB4 dock due to improper handling of pci_slot and pci_bus references, which is fixed by ensuring pci_slot acquires a reference to pci_bus.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53194"
},
{
"cve": "CVE-2024-53197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ALSA: usb-audio: vulnerability leading to out-of-bound accesses due to a bogus device providing an excessive bNumConfigurations value, which is fixed by ensuring proper allocation in usb_get_configuration.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53197"
},
{
"cve": "CVE-2024-53198",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "xen: issue of resource not being properly released in xenbus_dev_probe().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53198"
},
{
"cve": "CVE-2024-53214",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "vfio/pci: out-of-bounds access to ecap_perms array.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53214"
},
{
"cve": "CVE-2024-53217",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53217"
},
{
"cve": "CVE-2024-53226",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "RDMA/hns: vulnerability due to a potential NULL pointer dereference in hns_roce_map_mr_sg() because ib_map_mr_sg() allows upper layer protocols (ULPs) to specify NULL as the sg_offset argument, requiring the driver to check for NULL before dereferencing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53227",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: bfa: use-after-free in bfad_im_module_exit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53227"
},
{
"cve": "CVE-2024-53237",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: vulnerability due to an use-after-free error in the device_for_each_child function, where a device may be accessed after it has been freed, potentially leading to a dangling pointer and system instability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53237"
},
{
"cve": "CVE-2024-53239",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ALSA: 6fire: The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we\u0027re calling snd_card_free_when_closed()) and cause potential UAFs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53240",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "xen/netfront: vulnerability causes a crash when removing a device after a suspend/resume cycle due to uninitialized queues, which is fixed by checking for the existence of queues before attempting to stop them.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53240"
},
{
"cve": "CVE-2024-53241",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "x86/xen: vulnerability due to issues with the PV iret hypercall through the hypercall page, which is fixed by directly coding the sequence in xen-asm.S to avoid problems with speculation mitigations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53241"
},
{
"cve": "CVE-2024-53680",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipvs: vulnerability causes undefined behavior due to uninitialized stack access in ip_vs_protocol_init(), which is fixed by zeroing the on-stack buffer to prevent out-of-bound accesses.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-56531",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ALSA: caiaq: OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56531"
},
{
"cve": "CVE-2024-56532",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ALSA: us122l: OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56532"
},
{
"cve": "CVE-2024-56533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ALSA: usx2y: The USB disconnect callback takes longer than it should. The current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56533"
},
{
"cve": "CVE-2024-56539",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "hfsplus: Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56558"
},
{
"cve": "CVE-2024-56562",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "i3c: master: miss free init_dyn_addr at i3c_master_put_i3c_addrs().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56562"
},
{
"cve": "CVE-2024-56567",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "ad7780: division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info\u0027s write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not specified to be non-zero.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56567"
},
{
"cve": "CVE-2024-56568",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56568"
},
{
"cve": "CVE-2024-56569",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo \"write*:mod:ext3\" \u003e /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f (\"ftrace: Fix regression with module command in stack_trace_filter\") has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56569"
},
{
"cve": "CVE-2024-56570",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function.This is important because such inodes can cause errors in overlayfs when passed to the lowerstack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56570"
},
{
"cve": "CVE-2024-56571",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: uvcvideo: Require entities to have a non-zero unique ID.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56571"
},
{
"cve": "CVE-2024-56572",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "media: platform: allegro-dvt: possible memory leak in allocate_buffers_internal(). If The buffer in the loop is not released under the exception path, it may lead to a memory leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56572"
},
{
"cve": "CVE-2024-56574",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: ts2020: null-ptr-deref in ts2020_probe().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56574"
},
{
"cve": "CVE-2024-56576",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: i2c: tc358743: crash in the probe error path when using polling. If an error occurs in the probe() function, the polling timer that was alarmed earlier should be removed, otherwise the timer is called with arguments that are already freed, which results in a crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56576"
},
{
"cve": "CVE-2024-56581",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "btrfs: ref-verify: use-after-free after invalid ref action.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56581"
},
{
"cve": "CVE-2024-56586",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. creating a large files during checkpoint disable until it runs out of space and then delete it, then remount to enable checkpoint again, and then unmount the filesystem triggers the f2fs_bug_on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56586"
},
{
"cve": "CVE-2024-56587",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "leds: class: Protect brightness_show() with led_cdev-\u003eled_access mutex. There is NULL pointer vulnerability observed if from Process A where hid device being added which results in adding a led_cdev addition and later a another call to access of led_cdev attribute from Process B can result in NULL pointer vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56587"
},
{
"cve": "CVE-2024-56589",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: hisi_sas: Add cond_resched() for no forced preemption model. For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, a call trace may occur.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56589"
},
{
"cve": "CVE-2024-56593",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw(). This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high \u0027sd_sgentry_align\u0027 value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56593"
},
{
"cve": "CVE-2024-56594",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amdgpu: set the right AMDGPU sg segment limitation. The driver needs to set the correct max_segment_size; otherwise debug_dma_map_sg() will complain about the over-mapping of the AMDGPU sg length.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56594"
},
{
"cve": "CVE-2024-56595",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree. When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and we should bail out.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56595"
},
{
"cve": "CVE-2024-56596",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "jfs: array-index-out-of-bounds in jfs_readdir. The stbl might contain some invalid values. Added a check to return error code in that case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56596"
},
{
"cve": "CVE-2024-56597",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "jfs: fix shift-out-of-bounds in dbSplit. When dmt_budmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56597"
},
{
"cve": "CVE-2024-56598",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "jfs: array-index-out-of-bounds fix in dtReadFirst. The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56598"
},
{
"cve": "CVE-2024-56600",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56600"
},
{
"cve": "CVE-2024-56601",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56601"
},
{
"cve": "CVE-2024-56602",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "net: ieee802154: do not leave a dangling sk pointer in ieee802154_create(). sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56602"
},
{
"cve": "CVE-2024-56603",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: af_can: do not leave a dangling sk pointer in can_create(). On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56603"
},
{
"cve": "CVE-2024-56605",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56606",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56606"
},
{
"cve": "CVE-2024-56610",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "kcsan: Turn report_filterlist_lock into a raw_spinlock, with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56610"
},
{
"cve": "CVE-2024-56615",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: OOB devmap writes when deleting elements against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56615"
},
{
"cve": "CVE-2024-56619",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nilfs2: When searching for records in a directory where the inode\u0027s i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56619"
},
{
"cve": "CVE-2024-56623",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: qla2xxx: System crash is observed with stack trace warning of use after free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56623"
},
{
"cve": "CVE-2024-56629",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "HID: wacom: Due to incorrect dev-\u003eproduct reporting by certain devices, null pointer dereferences occur when dev-\u003eproduct is empty, leading to potential system crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56629"
},
{
"cve": "CVE-2024-56630",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: iput() is not called when new_inode() succeeded and dquot_initialize() failed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56630"
},
{
"cve": "CVE-2024-56633",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tcp_bpf: The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56634",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "gpio: grgpio: vulnerability due to a missing NULL check in grgpio_probe for the return value of devm_kasprintf(), leading to a kernel NULL pointer dereference error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56634"
},
{
"cve": "CVE-2024-56636",
"cwe": {
"id": "CWE-241",
"name": "Improper Handling of Unexpected Data Type"
},
"notes": [
{
"category": "summary",
"text": "geneve: vulnerability in geneve_xmit_skb() arises from incorrectly assuming the MAC header is set in the output path, which can lead to errors. The fix involves using skb_eth_hdr() instead of eth_hdr() to ensure the MAC header is correctly referenced, preventing potential issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56636"
},
{
"cve": "CVE-2024-56637",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: ipset: vulnerability involves a race condition where the ip_set.ko module can be unloaded by user space while it is requesting a set type backend module, potentially causing a kernel crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56637"
},
{
"cve": "CVE-2024-56642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tipc: vulnerability in TIPC (Transparent Inter-Process Communication) involves a use-after-free issue with the UDP kernel socket in cleanup_bearer(), caused by premature reference count decrements, which is resolved by moving the decrement after releasing the socket.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56642"
},
{
"cve": "CVE-2024-56643",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "dccp: vulnerability in DCCP (Datagram Congestion Control Protocol) involves a memory leak in dccp_feat_change_recv where memory allocated for a new SP feature value is not freed if dccp_feat_push_confirm() fails, leading to potential resource exhaustion.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56643"
},
{
"cve": "CVE-2024-56644",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56644"
},
{
"cve": "CVE-2024-56645",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "can: j1939: vulnerability involves a reference count underflow issue in j1939_session_new(), which is fixed by adding an extra skb_get() to match the behavior of j1939_session_skb_queue().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56645"
},
{
"cve": "CVE-2024-56648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: hsr: avoid potential out-of-bound access in fill_frame_info(). By extending the check to cover packets with only 14 bytes, it prevents uninitialized values from causing undefined behavior or security issues.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56648"
},
{
"cve": "CVE-2024-56650",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56650"
},
{
"cve": "CVE-2024-56659",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: lapb: It is unclear if net/lapb code is supposed to be ready for 8021q, this may lead to crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56659"
},
{
"cve": "CVE-2024-56661",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tipc: NULL deref in cleanup_bearer().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56661"
},
{
"cve": "CVE-2024-56662",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56662"
},
{
"cve": "CVE-2024-56670",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: gadget: u_serial: gs_start_io crashed due to accessing null pointer. Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation and calling the gserial_disconnect function, the port-\u003eport_usb pointer will be set to NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56670"
},
{
"cve": "CVE-2024-56681",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56681"
},
{
"cve": "CVE-2024-56688",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport-\u003esock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56688"
},
{
"cve": "CVE-2024-56690",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56690"
},
{
"cve": "CVE-2024-56691",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56691"
},
{
"cve": "CVE-2024-56698",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: dwc3: gadget: looping of queued SG entries The dwc3_request-\u003enum_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request-\u003enum_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56698"
},
{
"cve": "CVE-2024-56700",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: wl128x: Atomicity violation occurs when the fmc_send_cmd() function is executed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56700"
},
{
"cve": "CVE-2024-56701",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "powerpc/pseries: The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56701"
},
{
"cve": "CVE-2024-56704",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "9p/xen: A fix release of IRQ Kernel logs indicate an IRQ was double-freed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56704"
},
{
"cve": "CVE-2024-56705",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: atomisp: In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats-\u003ergby_data) assertion in ia_css_s3a_hmem_decode().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56705"
},
{
"cve": "CVE-2024-56720",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf, sockmap: Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, it should put_page 2. if (len == 0), returning early is better 3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported 4. Fix for the value of variable \"a\" 5. In sk_msg_shift_left, after shifting, it has already pointed to the next element. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56723",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices. While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) vulnerabilities. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56723"
},
{
"cve": "CVE-2024-56724",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device. While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) vulnerability. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56724"
},
{
"cve": "CVE-2024-56728",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c. Add error pointer check after calling otx2_mbox_get_rsp().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56728"
},
{
"cve": "CVE-2024-56739",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc-\u003etimerqueue, they will continually expire, may causing kernel softlockup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56739"
},
{
"cve": "CVE-2024-56741",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "apparmor: test: Fix memory leak for aa_unpack_strdup() The string allocated by kmemdup() in aa_unpack_strdup() is not freed and cause following memory leaks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56741"
},
{
"cve": "CVE-2024-56746",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "fbdev: sh7760fb: vulnerability involves a potential memory leak in sh7760fb_alloc_mem() where sh7760fb_free_mem() does not release memory correctly if info-\u003escreen_base is not ready, which is fixed by calling dma_free_coherent() instead.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56746"
},
{
"cve": "CVE-2024-56747",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: qedi: vulnerability involves a potential memory leak in qedi_alloc_and_init_sb() where the DMA memory sb_virt is not released upon failure, which is fixed by adding dma_free_coherent() to free the memory, similar to other functions like qedr_alloc_mem_sb() and qede_alloc_mem_sb().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56747"
},
{
"cve": "CVE-2024-56748",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: qedf: vulnerability involves a potential memory leak in qedf_alloc_and_init_sb() where the DMA memory sb_virt is not released upon failure, which is fixed by adding dma_free_coherent() to free the memory, similar to other functions like qedr_alloc_mem_sb() and qede_alloc_mem_sb().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56748"
},
{
"cve": "CVE-2024-56754",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "crypto: vulnerability due to passing an incorrect parameter type to devm_add_action_or_reset() in the CAAM driver, which is fixed by ensuring the correct parameter type is used to properly release resources.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56754"
},
{
"cve": "CVE-2024-56756",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nvme-pci: vulnerability involves an incorrect size being passed to dma_free_coherent in nvme-pci due to __nvme_alloc_host_mem potentially using fewer descriptors than planned, which is fixed by ensuring the correct size is used for freeing the HMB descriptor table.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56756"
},
{
"cve": "CVE-2024-56770",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"notes": [
{
"category": "summary",
"text": "net/sched: netem: The interface fully stops transferring packets and \"locks\". In this case, the child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at its limit and no more packets are accepted.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-56779",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur\r\n\r\nThe action force umount(umount -f) will attempt to kill all rpc_task even\r\numount operation may ultimately fail if some files remain open.\r\nConsequently, if an action attempts to open a file, it can potentially\r\nsend two rpc_task to nfs server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56779"
},
{
"cve": "CVE-2024-56780",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56780"
},
{
"cve": "CVE-2024-56781",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "powerpc/prom_init: missing powermac #size-cells.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56781"
},
{
"cve": "CVE-2024-56785",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "MIPS: Loongson64: DTS: issues with PCIe port nodes for ls7a.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-56785"
},
{
"cve": "CVE-2024-57874",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "summary",
"text": "arm64: ptrace: vulnerability due to an uninitialized variable in the tagged_addr_ctrl_set() function, leading to potential memory leakage from the kernel stack when a zero-length SETREGSET call is made, exposing up to 64 bits of memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109988839/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-57874"
}
]
}
SSA-398330
Vulnerability from csaf_siemens - Published: 2023-12-12 00:00 - Updated: 2025-08-12 00:00Summary
SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP >= V3.1.0 and < V3.1.5
Notes
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version >= V3.1.0 and < V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).
These GNU/Linux vulnerabilities have been externally identified.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
Note: This SSA advises vulnerabilities for firmware version V3.1 only; for versions < V3.1 refer to Siemens Security Bulletin SSB-439005 (
https://cert-portal.siemens.com/productcert/html/ssb-439005.html).
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version \u003e= V3.1.0 and \u003c V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).\n\nThese GNU/Linux vulnerabilities have been externally identified. \nSiemens has released new versions for the affected products and recommends to update to the latest versions.\n\nNote: This SSA advises vulnerabilities for firmware version V3.1 only; for versions \u003c V3.1 refer to Siemens Security Bulletin SSB-439005 (\nhttps://cert-portal.siemens.com/productcert/html/ssb-439005.html).",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP \u003e= V3.1.0 and \u003c V3.1.5 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"category": "self",
"summary": "SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP \u003e= V3.1.0 and \u003c V3.1.5 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-398330.json"
}
],
"title": "SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP \u003e= V3.1.0 and \u003c V3.1.5",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-398330",
"initial_release_date": "2023-12-12T00:00:00Z",
"revision_history": [
{
"date": "2023-12-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-01-09T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added CVE-2021-44879, CVE-2023-46218, CVE-2023-46219, and CVE-2023-48795"
},
{
"date": "2024-02-13T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added CVE-2023-45898, CVE-2023-46862, CVE-2023-6121, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0584"
},
{
"date": "2024-03-12T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added CVE-2023-52425, CVE-2023-52426, CVE-2023-45918"
},
{
"date": "2024-04-09T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added CVE-2024-28757"
},
{
"date": "2024-05-14T00:00:00Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Added CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-2511, CVE-2024-28085, CVE-2024-28182, CVE-2024-28834, CVE-2024-28835"
},
{
"date": "2024-06-11T00:00:00Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-34459"
},
{
"date": "2024-07-09T00:00:00Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Added CVE-2024-5535, CVE-2024-5742"
},
{
"date": "2024-08-13T00:00:00Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Added CVE-2017-15422, CVE-2024-7264, CVE-2024-37370, CVE-2024-37371"
},
{
"date": "2024-10-08T00:00:00Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Added CVE-2024-6409, CVE-2024-8096, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492"
},
{
"date": "2024-11-12T00:00:00Z",
"legacy_version": "2.0",
"number": "11",
"summary": "Added CVE-2024-2236, CVE-2024-9143"
},
{
"date": "2024-12-10T00:00:00Z",
"legacy_version": "2.1",
"number": "12",
"summary": "Added CVE-2024-50602, CVE-2024-52533"
},
{
"date": "2025-01-14T00:00:00Z",
"legacy_version": "2.2",
"number": "13",
"summary": "Added CVE-2024-11053"
},
{
"date": "2025-02-11T00:00:00Z",
"legacy_version": "2.3",
"number": "14",
"summary": "Added multiple CVEs"
},
{
"date": "2025-03-11T00:00:00Z",
"legacy_version": "2.4",
"number": "15",
"summary": "Added CVE-2023-52622, CVE-2024-12133, -12243, -26645, -26671, -26679, -26772, -26773, -26777, -26805, -26923, -27020, -27032, -36017, -36484, -36904, -36905, -36934, -39487, -41046, -42106, -42131, -42154, -43871, -44944, -44965, -46743, -46745, -46750, -47684, -47701, -47737, -49881, -49884, -49948, -49949, -49952, -49997, -50006, -50040, -50045, -50251, -50262, -50299, -50301, -53057, -53140, -53165, -53217, CVE-2025-0167, -0395, -0665, -0725, -26465, -26466"
},
{
"date": "2025-04-08T00:00:00Z",
"legacy_version": "2.5",
"number": "16",
"summary": "Added CVE-2025-21694, CVE-2025-1390, CVE-2024-8176, CVE-2024-57901, CVE-2024-57884, CVE-2024-56780, CVE-2024-56779, CVE-2024-56770, CVE-2024-56650, CVE-2024-56644, CVE-2024-56606, CVE-2024-56601, CVE-2024-56600, CVE-2024-56570, CVE-2024-56569, CVE-2024-53164, CVE-2024-53124, CVE-2024-52332, CVE-2024-48881, CVE-2024-47707, CVE-2024-12243"
},
{
"date": "2025-06-10T00:00:00Z",
"legacy_version": "2.6",
"number": "17",
"summary": "Added fix for SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP incl. SIPLUS variants"
},
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "2.7",
"number": "18",
"summary": "Removed CVE-2021-41617, CVE-2023-28531, CVE-2023-38545, CVE-2023-38546, CVE-2023-44487, CVE-2023-4527, CVE-2023-46218, CVE-2023-46219, CVE-2023-4806, CVE-2023-48795, CVE-2023-4911, CVE-2024-12133, CVE-2024-12243, CVE-2024-28085, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-37370, CVE-2024-37371, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2025-26465, CVE-2025-46836 as they are not fixed in V3.1.5 and advised in SSA-082556"
}
],
"status": "interim",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.0|\u003c3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4AX00-1AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.0|\u003c3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)",
"product_id": "2",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4AX00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.0|\u003c3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4FX00-1AB0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.0|\u003c3.1.5",
"product": {
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)",
"product_id": "4",
"product_identification_helper": {
"model_numbers": [
"6ES7518-4FX00-1AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003e=3.1.0|\u003c3.1.5",
"product": {
"name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"6AG1518-4AX00-4AC0"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0340",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "summary",
"text": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2013-0340"
},
{
"cve": "CVE-2013-4235",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "summary",
"text": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2013-4235"
},
{
"cve": "CVE-2014-7209",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2014-7209"
},
{
"cve": "CVE-2015-20107",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2015-20107"
},
{
"cve": "CVE-2016-3189",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2016-3189"
},
{
"cve": "CVE-2016-3709",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Possible cross-site scripting vulnerability in libxml after commit 960f0e2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2016-3709"
},
{
"cve": "CVE-2016-4658",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2016-4658"
},
{
"cve": "CVE-2016-5131",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2016-5131"
},
{
"cve": "CVE-2016-9318",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "summary",
"text": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2016-9318"
},
{
"cve": "CVE-2016-10228",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2016-10228"
},
{
"cve": "CVE-2016-10739",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2016-10739"
},
{
"cve": "CVE-2017-0663",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-0663"
},
{
"cve": "CVE-2017-7375",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "summary",
"text": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-7375"
},
{
"cve": "CVE-2017-7376",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-7376"
},
{
"cve": "CVE-2017-9047",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer \u0027buf\u0027 of size \u0027size\u0027. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses \u0027len\u0027 rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-9047"
},
{
"cve": "CVE-2017-9048",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer \u0027buf\u0027 of size \u0027size\u0027. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-9048"
},
{
"cve": "CVE-2017-9049",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-9049"
},
{
"cve": "CVE-2017-9050",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-9050"
},
{
"cve": "CVE-2017-15422",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-15422"
},
{
"cve": "CVE-2017-16931",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a \u0027%\u0027 character in a DTD name.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-16931"
},
{
"cve": "CVE-2017-16932",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-16932"
},
{
"cve": "CVE-2017-17512",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-17512"
},
{
"cve": "CVE-2017-18258",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2017-18258"
},
{
"cve": "CVE-2018-0495",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2018-0495"
},
{
"cve": "CVE-2018-12886",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2018-12886"
},
{
"cve": "CVE-2018-14404",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2018-14404"
},
{
"cve": "CVE-2018-14567",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2018-14567"
},
{
"cve": "CVE-2018-18928",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2018-18928"
},
{
"cve": "CVE-2018-19591",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2018-19591"
},
{
"cve": "CVE-2018-20482",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user\u0027s process (e.g., a system backup running as root).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2018-20482"
},
{
"cve": "CVE-2018-20843",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "summary",
"text": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2018-20843"
},
{
"cve": "CVE-2018-25032",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2018-25032"
},
{
"cve": "CVE-2019-3855",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-3855"
},
{
"cve": "CVE-2019-3856",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-3856"
},
{
"cve": "CVE-2019-3857",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-3857"
},
{
"cve": "CVE-2019-3858",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-3858"
},
{
"cve": "CVE-2019-3859",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-3859"
},
{
"cve": "CVE-2019-3860",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-3860"
},
{
"cve": "CVE-2019-3861",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-3861"
},
{
"cve": "CVE-2019-3862",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-3862"
},
{
"cve": "CVE-2019-3863",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-3863"
},
{
"cve": "CVE-2019-5018",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-5018"
},
{
"cve": "CVE-2019-5094",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-5094"
},
{
"cve": "CVE-2019-5188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-5188"
},
{
"cve": "CVE-2019-5435",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow in curl\u0027s URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-5435"
},
{
"cve": "CVE-2019-5436",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-5436"
},
{
"cve": "CVE-2019-5443",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "summary",
"text": "A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl \u003c= 7.65.1 automatically run the code (as an openssl \"engine\") on invocation. If that curl is invoked by a privileged user it can do anything it wants.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-5443"
},
{
"cve": "CVE-2019-5481",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-5481"
},
{
"cve": "CVE-2019-5482",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-5482"
},
{
"cve": "CVE-2019-6109",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-6109"
},
{
"cve": "CVE-2019-6110",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"notes": [
{
"category": "summary",
"text": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-6110"
},
{
"cve": "CVE-2019-6111",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-6111"
},
{
"cve": "CVE-2019-6488",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-6488"
},
{
"cve": "CVE-2019-7309",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-7309"
},
{
"cve": "CVE-2019-8457",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-8457"
},
{
"cve": "CVE-2019-9169",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-9169"
},
{
"cve": "CVE-2019-9636",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-9636"
},
{
"cve": "CVE-2019-9674",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-9674"
},
{
"cve": "CVE-2019-9740",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-9740"
},
{
"cve": "CVE-2019-9923",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-9923"
},
{
"cve": "CVE-2019-9936",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-9936"
},
{
"cve": "CVE-2019-9937",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-9937"
},
{
"cve": "CVE-2019-9947",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-9947"
},
{
"cve": "CVE-2019-9948",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\u0027local_file:///etc/passwd\u0027) call.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-9948"
},
{
"cve": "CVE-2019-10160",
"cwe": {
"id": "CWE-172",
"name": "Encoding Error"
},
"notes": [
{
"category": "summary",
"text": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-10160"
},
{
"cve": "CVE-2019-11360",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-11360"
},
{
"cve": "CVE-2019-12290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-12290"
},
{
"cve": "CVE-2019-12900",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-12900"
},
{
"cve": "CVE-2019-12904",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "summary",
"text": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor\u0027s position is that the issue report cannot be validated because there is no description of an attack",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-12904"
},
{
"cve": "CVE-2019-13057",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-13057"
},
{
"cve": "CVE-2019-13565",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-13565"
},
{
"cve": "CVE-2019-13627",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-13627"
},
{
"cve": "CVE-2019-15847",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"notes": [
{
"category": "summary",
"text": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-15847"
},
{
"cve": "CVE-2019-15903",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-16056",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-16056"
},
{
"cve": "CVE-2019-16168",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-16168"
},
{
"cve": "CVE-2019-16905",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-16905"
},
{
"cve": "CVE-2019-17498",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-17498"
},
{
"cve": "CVE-2019-17543",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-17543"
},
{
"cve": "CVE-2019-17594",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-17594"
},
{
"cve": "CVE-2019-17595",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-17595"
},
{
"cve": "CVE-2019-18224",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-18224"
},
{
"cve": "CVE-2019-18276",
"cwe": {
"id": "CWE-273",
"name": "Improper Check for Dropped Privileges"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-18276"
},
{
"cve": "CVE-2019-18348",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-18348"
},
{
"cve": "CVE-2019-19126",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19126"
},
{
"cve": "CVE-2019-19242",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "SQLite 3.30.1 mishandles pExpr-\u003ey.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19242"
},
{
"cve": "CVE-2019-19244",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19244"
},
{
"cve": "CVE-2019-19317",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"notes": [
{
"category": "summary",
"text": "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19317"
},
{
"cve": "CVE-2019-19603",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19603"
},
{
"cve": "CVE-2019-19645",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19645"
},
{
"cve": "CVE-2019-19646",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19646"
},
{
"cve": "CVE-2019-19880",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19880"
},
{
"cve": "CVE-2019-19906",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19906"
},
{
"cve": "CVE-2019-19923",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19923"
},
{
"cve": "CVE-2019-19924",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19924"
},
{
"cve": "CVE-2019-19925",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "summary",
"text": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19925"
},
{
"cve": "CVE-2019-19926",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19926"
},
{
"cve": "CVE-2019-19956",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19956"
},
{
"cve": "CVE-2019-19959",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded \u0027\\0\u0027 characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-19959"
},
{
"cve": "CVE-2019-20218",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-20218"
},
{
"cve": "CVE-2019-20367",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-20367"
},
{
"cve": "CVE-2019-20388",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-20388"
},
{
"cve": "CVE-2019-20795",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-20795"
},
{
"cve": "CVE-2019-20907",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-20907"
},
{
"cve": "CVE-2019-25013",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-25013"
},
{
"cve": "CVE-2019-1010022",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-1010022"
},
{
"cve": "CVE-2019-1010023",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-1010023"
},
{
"cve": "CVE-2019-1010024",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-1010024"
},
{
"cve": "CVE-2019-1010025",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor\u0027s position is \"ASLR bypass itself is not a vulnerability.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-1010025"
},
{
"cve": "CVE-2019-1010180",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2019-1010180"
},
{
"cve": "CVE-2020-1712",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-1712"
},
{
"cve": "CVE-2020-1751",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-1751"
},
{
"cve": "CVE-2020-1752",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-1752"
},
{
"cve": "CVE-2020-6096",
"cwe": {
"id": "CWE-195",
"name": "Signed to Unsigned Conversion Error"
},
"notes": [
{
"category": "summary",
"text": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the \u0027num\u0027 parameter results in a signed comparison vulnerability. If an attacker underflows the \u0027num\u0027 parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-6096"
},
{
"cve": "CVE-2020-7595",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-7595"
},
{
"cve": "CVE-2020-8169",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The libcurl library versions 7.62.0 to and including 7.70.0 are vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-8169"
},
{
"cve": "CVE-2020-8177",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-8177"
},
{
"cve": "CVE-2020-8231",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The libcurl library versions 7.41.0 to and including 7.73.0 are vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. This vulnerability could allow an attacker to pass a revoked certificate as valid.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2020-8315",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "summary",
"text": "In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker\u0027s copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system\u0027s copy. Windows 8 and later are unaffected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-8315"
},
{
"cve": "CVE-2020-8492",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-8492"
},
{
"cve": "CVE-2020-9327",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-9327"
},
{
"cve": "CVE-2020-10029",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-10029"
},
{
"cve": "CVE-2020-10531",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-10531"
},
{
"cve": "CVE-2020-10543",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-10543"
},
{
"cve": "CVE-2020-10735",
"cwe": {
"id": "CWE-704",
"name": "Incorrect Type Conversion or Cast"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-10735"
},
{
"cve": "CVE-2020-10878",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-10878"
},
{
"cve": "CVE-2020-11501",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 \u0027\\0\u0027 bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-11501"
},
{
"cve": "CVE-2020-11655",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object\u0027s initialization is mishandled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-11655"
},
{
"cve": "CVE-2020-11656",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-11656"
},
{
"cve": "CVE-2020-12062",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client\u0027s download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that \"this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol\" and \"utimes does not fail under normal circumstances.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-12062"
},
{
"cve": "CVE-2020-12243",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "Limit remote access to port 22350/tcp on systems where the Codemeter runtime network server is running (for details refer to the updated security manual of WinCC OA).",
"product_ids": [
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-12243"
},
{
"cve": "CVE-2020-12723",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-12723"
},
{
"cve": "CVE-2020-12762",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-12762"
},
{
"cve": "CVE-2020-13434",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-13434"
},
{
"cve": "CVE-2020-13435",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-13435"
},
{
"cve": "CVE-2020-13529",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "summary",
"text": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-13529"
},
{
"cve": "CVE-2020-13630",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-13630"
},
{
"cve": "CVE-2020-13631",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-13631"
},
{
"cve": "CVE-2020-13632",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-13632"
},
{
"cve": "CVE-2020-13776",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-13776"
},
{
"cve": "CVE-2020-13777",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-13777"
},
{
"cve": "CVE-2020-13871",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-13871"
},
{
"cve": "CVE-2020-14145",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-14145"
},
{
"cve": "CVE-2020-14422",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"notes": [
{
"category": "summary",
"text": "Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-14422"
},
{
"cve": "CVE-2020-15358",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-15358"
},
{
"cve": "CVE-2020-15523",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "summary",
"text": "In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-15523"
},
{
"cve": "CVE-2020-15778",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-15778"
},
{
"cve": "CVE-2020-15801",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "summary",
"text": "In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The \u003cexecutable-name\u003e._pth file (e.g., the python._pth file) is not affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-15801"
},
{
"cve": "CVE-2020-19185",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-19185"
},
{
"cve": "CVE-2020-19186",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-19186"
},
{
"cve": "CVE-2020-19187",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-19187"
},
{
"cve": "CVE-2020-19188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-19188"
},
{
"cve": "CVE-2020-19189",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-19189"
},
{
"cve": "CVE-2020-19190",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-19190"
},
{
"cve": "CVE-2020-19909",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-19909"
},
{
"cve": "CVE-2020-21047",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-21047"
},
{
"cve": "CVE-2020-21913",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-21913"
},
{
"cve": "CVE-2020-22218",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-22218"
},
{
"cve": "CVE-2020-24659",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application\u0027s error handling path, where the gnutls_deinit function is called after detecting a handshake failure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-24659"
},
{
"cve": "CVE-2020-24977",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-24977"
},
{
"cve": "CVE-2020-25692",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-25692"
},
{
"cve": "CVE-2020-25709",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP\u2019s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-25709"
},
{
"cve": "CVE-2020-25710",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-25710"
},
{
"cve": "CVE-2020-26116",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-26116"
},
{
"cve": "CVE-2020-27618",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-27618"
},
{
"cve": "CVE-2020-28196",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-28196"
},
{
"cve": "CVE-2020-29361",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-29361"
},
{
"cve": "CVE-2020-29362",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-29362"
},
{
"cve": "CVE-2020-29363",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-29363"
},
{
"cve": "CVE-2020-29562",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-29562"
},
{
"cve": "CVE-2020-29573",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-29573"
},
{
"cve": "CVE-2020-35525",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-35525"
},
{
"cve": "CVE-2020-35527",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-35527"
},
{
"cve": "CVE-2020-36221",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36221"
},
{
"cve": "CVE-2020-36222",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36222"
},
{
"cve": "CVE-2020-36223",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36223"
},
{
"cve": "CVE-2020-36224",
"cwe": {
"id": "CWE-763",
"name": "Release of Invalid Pointer or Reference"
},
"notes": [
{
"category": "summary",
"text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36224"
},
{
"cve": "CVE-2020-36225",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36225"
},
{
"cve": "CVE-2020-36226",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-\u003ebv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36226"
},
{
"cve": "CVE-2020-36227",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36227"
},
{
"cve": "CVE-2020-36228",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36228"
},
{
"cve": "CVE-2020-36229",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36229"
},
{
"cve": "CVE-2020-36230",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2020-36230"
},
{
"cve": "CVE-2021-3177",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3177"
},
{
"cve": "CVE-2021-3326",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3326"
},
{
"cve": "CVE-2021-3426",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "There\u0027s a flaw in Python 3\u0027s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3426"
},
{
"cve": "CVE-2021-3516",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "There\u0027s a flaw in libxml2\u0027s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3516"
},
{
"cve": "CVE-2021-3517",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3517"
},
{
"cve": "CVE-2021-3518",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "There\u0027s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3518"
},
{
"cve": "CVE-2021-3520",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3520"
},
{
"cve": "CVE-2021-3537",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3537"
},
{
"cve": "CVE-2021-3541",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3541"
},
{
"cve": "CVE-2021-3580",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the way nettle\u0027s RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3580"
},
{
"cve": "CVE-2021-3733",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3733"
},
{
"cve": "CVE-2021-3737",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3737"
},
{
"cve": "CVE-2021-3826",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3826"
},
{
"cve": "CVE-2021-3997",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3997"
},
{
"cve": "CVE-2021-3998",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3998"
},
{
"cve": "CVE-2021-3999",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-3999"
},
{
"cve": "CVE-2021-4122",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "summary",
"text": "It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-4122"
},
{
"cve": "CVE-2021-4189",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-4189"
},
{
"cve": "CVE-2021-4209",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle\u0027s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-4209"
},
{
"cve": "CVE-2021-20193",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-20193"
},
{
"cve": "CVE-2021-20227",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in SQLite\u0027s SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-20227"
},
{
"cve": "CVE-2021-20231",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-20231"
},
{
"cve": "CVE-2021-20232",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-20232"
},
{
"cve": "CVE-2021-20305",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA \u0026 ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-20305"
},
{
"cve": "CVE-2021-22876",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22876"
},
{
"cve": "CVE-2021-22890",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "summary",
"text": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22890"
},
{
"cve": "CVE-2021-22897",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "summary",
"text": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2021-22898",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "summary",
"text": "**NOTE: CVE-2021-22898 is an incomplete fix (see https://hackerone.com/reports/1223882)! Check if affected products also have fixed CVE-22925 instead! Do not use CVE-2021-22898 in public advisories!**\r\n\r\ncurl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22898"
},
{
"cve": "CVE-2021-22901",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22922",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22922"
},
{
"cve": "CVE-2021-22923",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "summary",
"text": "When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user\u0027s expectations and intentions and without telling the user it happened.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22923"
},
{
"cve": "CVE-2021-22924",
"cwe": {
"id": "CWE-706",
"name": "Use of Incorrectly-Resolved Name or Reference"
},
"notes": [
{
"category": "summary",
"text": "libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22924"
},
{
"cve": "CVE-2021-22925",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22925"
},
{
"cve": "CVE-2021-22926",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22926"
},
{
"cve": "CVE-2021-22945",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22945"
},
{
"cve": "CVE-2021-22946",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-22947",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"category": "summary",
"text": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\u0027s injected data comes from the TLS-protected server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-22947"
},
{
"cve": "CVE-2021-23336",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-23336"
},
{
"cve": "CVE-2021-27212",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-27212"
},
{
"cve": "CVE-2021-27218",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-27218"
},
{
"cve": "CVE-2021-27219",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-27219"
},
{
"cve": "CVE-2021-27645",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-27645"
},
{
"cve": "CVE-2021-28041",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-28041"
},
{
"cve": "CVE-2021-28153",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-28153"
},
{
"cve": "CVE-2021-28363",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn\u0027t given via proxy_config) doesn\u0027t verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-28363"
},
{
"cve": "CVE-2021-28861",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-28861"
},
{
"cve": "CVE-2021-31239",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An issue found in SQLite SQLite3 v.3.35.4 that could allow a remote attacker to cause a denial of service via the appendvfs.c function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-31239"
},
{
"cve": "CVE-2021-32292",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-32292"
},
{
"cve": "CVE-2021-33294",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-33294"
},
{
"cve": "CVE-2021-33560",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-33560"
},
{
"cve": "CVE-2021-33574",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-33574"
},
{
"cve": "CVE-2021-33910",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "The use of alloca function with an uncontrolled size in function unit_name_path_escape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-33910"
},
{
"cve": "CVE-2021-35942",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-35942"
},
{
"cve": "CVE-2021-36084",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-36084"
},
{
"cve": "CVE-2021-36085",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-36085"
},
{
"cve": "CVE-2021-36086",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-36086"
},
{
"cve": "CVE-2021-36087",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-36087"
},
{
"cve": "CVE-2021-36222",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-36222"
},
{
"cve": "CVE-2021-36690",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-36690"
},
{
"cve": "CVE-2021-37600",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "For earlier versions see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-37600"
},
{
"cve": "CVE-2021-37750",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "For earlier versions see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-37750"
},
{
"cve": "CVE-2021-38604",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-38604"
},
{
"cve": "CVE-2021-43396",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious \u0027\\0\u0027 character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states \"the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there\u0027s no security impact to the bug.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-43396"
},
{
"cve": "CVE-2021-43618",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-43618"
},
{
"cve": "CVE-2021-44879",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-44879"
},
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-45960"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-46143"
},
{
"cve": "CVE-2021-46195",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-46195"
},
{
"cve": "CVE-2021-46828",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-46828"
},
{
"cve": "CVE-2021-46848",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"notes": [
{
"category": "summary",
"text": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-46848"
},
{
"cve": "CVE-2022-0391",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like \u0027\\r\u0027 and \u0027\\n\u0027 in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-0391"
},
{
"cve": "CVE-2022-0563",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-0563"
},
{
"cve": "CVE-2022-0778",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The BN_mod_sqrt() function in openSSL, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2022-1271",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-1271"
},
{
"cve": "CVE-2022-1292",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-1292"
},
{
"cve": "CVE-2022-1304",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-1304"
},
{
"cve": "CVE-2022-1343",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Under certain circumstances, the command line OCSP verify function reports successful verification when the verification in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-1343"
},
{
"cve": "CVE-2022-1434",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-1434"
},
{
"cve": "CVE-2022-1473",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "The used OpenSSL version improperly reuses memory when decoding certificates or keys. This can lead to a process termination and Denial of Service for long lived processes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-1473"
},
{
"cve": "CVE-2022-2068",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-2068"
},
{
"cve": "CVE-2022-2097",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\u0027t written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-2097"
},
{
"cve": "CVE-2022-2274",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-2274"
},
{
"cve": "CVE-2022-2509",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-2509"
},
{
"cve": "CVE-2022-3715",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-3715"
},
{
"cve": "CVE-2022-3821",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"notes": [
{
"category": "summary",
"text": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-3821"
},
{
"cve": "CVE-2022-4304",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable the use of RSA ciphers in the web server configuration; note that RSA ciphers are disabled by default",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-4304"
},
{
"cve": "CVE-2022-4450",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Do not import or configure certificate files in PEM format from untrusted sources",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-4450"
},
{
"cve": "CVE-2022-22576",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-22822"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-22823"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-22824"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-22825"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-22826"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-22827"
},
{
"cve": "CVE-2022-23218",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-23218"
},
{
"cve": "CVE-2022-23219",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-23219"
},
{
"cve": "CVE-2022-23308",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-23308"
},
{
"cve": "CVE-2022-23852",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-23852"
},
{
"cve": "CVE-2022-23990",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-23990"
},
{
"cve": "CVE-2022-24407",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-24407"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "summary",
"text": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-25235"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "summary",
"text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2022-25313",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-25313"
},
{
"cve": "CVE-2022-25314",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-25314"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-25315"
},
{
"cve": "CVE-2022-26488",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "summary",
"text": "In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-26488"
},
{
"cve": "CVE-2022-27774",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "summary",
"text": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-27775",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27776",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "summary",
"text": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27778",
"cwe": {
"id": "CWE-706",
"name": "Use of Incorrectly-Resolved Name or Reference"
},
"notes": [
{
"category": "summary",
"text": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-27779",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl\u0027s \"cookie engine\" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-27779"
},
{
"cve": "CVE-2022-27780",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "summary",
"text": "The curl URL parser wrongly accepts percent-encoded URL separators like \u0027/\u0027when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27781",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server\u0027s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27782",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-27943",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-27943"
},
{
"cve": "CVE-2022-28321",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn\u0027t correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-28321"
},
{
"cve": "CVE-2022-29155",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-29155"
},
{
"cve": "CVE-2022-29824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-29824"
},
{
"cve": "CVE-2022-30115",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-32205",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "A malicious server can serve excessive amounts of \"Set-Cookie:\" headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on \"foo.example.com\" can set cookies that also would match for \"bar.example.com\", making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "summary",
"text": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32221",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "summary",
"text": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-35252",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "summary",
"text": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-35260",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-35737",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2022-37434",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-37454",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-37454"
},
{
"cve": "CVE-2022-40303",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-40304",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-40674",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-42898",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2022-42915",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42916",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-43551",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability exists in curl \u003c7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop U+002E (.). Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-43552",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-43680",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-45061",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-45061"
},
{
"cve": "CVE-2022-45873",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-45873"
},
{
"cve": "CVE-2022-46908",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-46908"
},
{
"cve": "CVE-2022-48303",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-48303"
},
{
"cve": "CVE-2022-48522",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-48522"
},
{
"cve": "CVE-2022-48560",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free exists in Python through 3.9 via heappushpop in heapq.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2022-48560"
},
{
"cve": "CVE-2023-0215",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0286",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable CRL (certification revocation list) checking, if possible",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-0361",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-0361"
},
{
"cve": "CVE-2023-0464",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-0464"
},
{
"cve": "CVE-2023-0465",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Applications that use a non-default option when verifying certificates may be\r\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\r\nOpenSSL and other certificate policy checks are skipped for that certificate.\r\nA malicious CA could use this to deliberately assert invalid certificate policies\r\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\r\nthe `-policy` argument to the command line utilities or by calling the\r\n`X509_VERIFY_PARAM_set1_policies()` function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-0465"
},
{
"cve": "CVE-2023-0466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The function X509_VERIFY_PARAM_add0_policy() is documented to\r\nimplicitly enable the certificate policy check when doing certificate\r\nverification. However the implementation of the function does not\r\nenable the check which allows certificates with invalid or incorrect\r\npolicies to pass the certificate verification.\r\n\r\nAs suddenly enabling the policy check could break existing deployments it was\r\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\r\nfunction.\r\n\r\nInstead the applications that require OpenSSL to perform certificate\r\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\r\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\r\nthe X509_V_FLAG_POLICY_CHECK flag argument.\r\n\r\nCertificate policy checks are disabled by default in OpenSSL and are not\r\ncommonly used by applications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-0466"
},
{
"cve": "CVE-2023-0687",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It\u0027s basically trusted input or input that needs an actual security flaw to be compromised or controlled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-0687"
},
{
"cve": "CVE-2023-1077",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-1077"
},
{
"cve": "CVE-2023-1206",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel\u2019s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-1206"
},
{
"cve": "CVE-2023-2650",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(square(n)) with \u0027n\u0027 being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer\u0027s certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-2650"
},
{
"cve": "CVE-2023-2953",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-2953"
},
{
"cve": "CVE-2023-3212",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-3212"
},
{
"cve": "CVE-2023-3446",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \u0027-check\u0027 option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-3446"
},
{
"cve": "CVE-2023-3609",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\r\n\r\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-3609"
},
{
"cve": "CVE-2023-3611",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds write vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\r\n\r\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-3611"
},
{
"cve": "CVE-2023-3772",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-3772"
},
{
"cve": "CVE-2023-3817",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \"-check\" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-3817"
},
{
"cve": "CVE-2023-4016",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "Under some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-4016"
},
{
"cve": "CVE-2023-4039",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "summary",
"text": "A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-4039"
},
{
"cve": "CVE-2023-4623",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-4623"
},
{
"cve": "CVE-2023-4807",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-4807"
},
{
"cve": "CVE-2023-4813",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-4813"
},
{
"cve": "CVE-2023-4921",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-4921"
},
{
"cve": "CVE-2023-5156",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-5156"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-5717",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\r\n\r\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\r\n\r\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2023-5981",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-5981"
},
{
"cve": "CVE-2023-6121",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-6121"
},
{
"cve": "CVE-2023-6817",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-6817"
},
{
"cve": "CVE-2023-6931",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-6931"
},
{
"cve": "CVE-2023-6932",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-6932"
},
{
"cve": "CVE-2023-23914",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "A cleartext transmission of sensitive information vulnerability exists in curl \u003cv7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-23914"
},
{
"cve": "CVE-2023-23915",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "A cleartext transmission of sensitive information vulnerability exists in curl \u003cv7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "For earlier versions see the recommendations from section Workarounds and Mitigations",
"product_ids": [
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-23915"
},
{
"cve": "CVE-2023-23916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "An allocation of resources without limits or throttling vulnerability exists in curl \u003cv7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-23916"
},
{
"cve": "CVE-2023-24329",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-24329"
},
{
"cve": "CVE-2023-25136",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-25136"
},
{
"cve": "CVE-2023-25139",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-25139"
},
{
"cve": "CVE-2023-26604",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the \"systemctl status\" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-26604"
},
{
"cve": "CVE-2023-27371",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more \u0027\\0\u0027 bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-27371"
},
{
"cve": "CVE-2023-27533",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application\u0027s intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-27533"
},
{
"cve": "CVE-2023-27534",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user\u0027s home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-27534"
},
{
"cve": "CVE-2023-27535",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "An authentication bypass vulnerability exists in libcurl \u003c8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-27535"
},
{
"cve": "CVE-2023-27536",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "An authentication bypass vulnerability exists libcurl \u003c8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-27536"
},
{
"cve": "CVE-2023-27537",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "A double free vulnerability exists in libcurl \u003c8.0.0 when sharing HSTS data between separate \"handles\". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-27537"
},
{
"cve": "CVE-2023-27538",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "libcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were left out from the configuration match checks, making them match too easily.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-27538"
},
{
"cve": "CVE-2023-28484",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-29383",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-29383"
},
{
"cve": "CVE-2023-29469",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the \u0027\\0\u0027 value).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2023-29491",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-29491"
},
{
"cve": "CVE-2023-29499",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-29499"
},
{
"cve": "CVE-2023-31085",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd-\u003eerasesize), used indirectly by ctrl_cdev_ioctl, when mtd-\u003eerasesize is 0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-31085"
},
{
"cve": "CVE-2023-32611",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-32611"
},
{
"cve": "CVE-2023-32636",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-32636"
},
{
"cve": "CVE-2023-32643",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-32643"
},
{
"cve": "CVE-2023-32665",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "Limit remote access to port 22350/tcp on systems where the Codemeter runtime network server is running. Note that this is the default configuration, which therefore limits the exploitability to local attacks only.",
"product_ids": [
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-32665"
},
{
"cve": "CVE-2023-34319",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The fix for XSA-423 added logic to Linux\u0027es netback driver to deal with\na frontend splitting a packet in a way such that not all of the headers\nwould come in one piece. Unfortunately the logic introduced there\ndidn\u0027t account for the extreme case of the entire packet being split\ninto as many pieces as permitted by the protocol, yet still being\nsmaller than the area that\u0027s specially dealt with to keep all (possible)\nheaders together. Such an unusual packet would therefore trigger a\nbuffer overrun in the driver.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-34319"
},
{
"cve": "CVE-2023-34969",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-34969"
},
{
"cve": "CVE-2023-35001",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-35001"
},
{
"cve": "CVE-2023-35945",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy\u2019s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-35945"
},
{
"cve": "CVE-2023-38408",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-38408"
},
{
"cve": "CVE-2023-39128",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-39128"
},
{
"cve": "CVE-2023-39189",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-39189"
},
{
"cve": "CVE-2023-39192",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-39192"
},
{
"cve": "CVE-2023-39193",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-39193"
},
{
"cve": "CVE-2023-39194",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-39194"
},
{
"cve": "CVE-2023-39615",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0027s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-39615"
},
{
"cve": "CVE-2023-40283",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-40283"
},
{
"cve": "CVE-2023-42754",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-42754"
},
{
"cve": "CVE-2023-42755",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-42755"
},
{
"cve": "CVE-2023-45322",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor\u0027s position is \"I don\u0027t think these issues are critical enough to warrant a CVE ID ... because an attacker typically can\u0027t control when memory allocations fail.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-45322"
},
{
"cve": "CVE-2023-45853",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-45853"
},
{
"cve": "CVE-2023-45871",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-45871"
},
{
"cve": "CVE-2023-45898",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-45898"
},
{
"cve": "CVE-2023-45918",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-45918"
},
{
"cve": "CVE-2023-46862",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-46862"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2023-52444",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link[1]: f2fs_rename() ... if (old_dir != new_dir \u0026\u0026 !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); else f2fs_put_page(old_dir_page, 0); You want correct inumber in the \"..\" link. And cross-directory rename does move the source to new parent, even if you\u0027d been asked to leave a whiteout in the old place. [1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/ With below testcase, it may cause dirent corruption, due to it missed to call f2fs_set_link() to update \"..\" link to new directory. - mkdir -p dir/foo - renameat2 -w dir/foo bar [ASSERT] (__chk_dots_dentries:1421) --\u003e Bad inode number[0x4] for \u0027..\u0027, parent parent ino is [0x3] [FSCK] other corrupted bugs [Fail]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-52444"
},
{
"cve": "CVE-2023-52464",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function \u0027thunderx_ocx_com_threaded_isr\u0027: drivers/edac/thunderx_edac.c:1136:17: error: \u0027strncat\u0027 specified bound 1024 equals destination size [-Werror=stringop-overflow=] 1136 | strncat(msg, other, OCX_MESSAGE_SIZE); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... 1145 | strncat(msg, other, OCX_MESSAGE_SIZE); ... 1150 | strncat(msg, other, OCX_MESSAGE_SIZE); ... Apparently the author of this driver expected strncat() to behave the way that strlcat() does, which uses the size of the destination buffer as its third argument rather than the length of the source buffer. The result is that there is no check on the size of the allocated buffer. Change it to strlcat(). [ bp: Trim compiler output, fixup commit message. ]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-52464"
},
{
"cve": "CVE-2023-52612",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req-\u003edst buffer overflow The req-\u003edst buffer size should be checked before copying from the scomp_scratch-\u003edst to avoid req-\u003edst buffer overflow problem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-52612"
},
{
"cve": "CVE-2023-52622",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-52622"
},
{
"cve": "CVE-2023-52675",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-52675"
},
{
"cve": "CVE-2023-52699",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: sysv: don\u0027t call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A \"write_lock(\u0026pointers_lock) =\u003e read_lock(\u0026pointers_lock) deadlock\" bug and a \"sb_bread() with write_lock(\u0026pointers_lock)\" bug were introduced by \"Replace BKL for chain locking with sysvfs-private rwlock\" in Linux 2.5.12. Then, \"[PATCH] err1-40: sysvfs locking fix\" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a \"sb_bread() with read_lock(\u0026pointers_lock)\" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of \"[PATCH] err1-40: sysvfs locking fix\" except that get_branch() from with find_shared() is called without write_lock(\u0026pointers_lock).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-52699"
},
{
"cve": "CVE-2024-0584",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-0584"
},
{
"cve": "CVE-2024-2004",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-2004"
},
{
"cve": "CVE-2024-2236",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "A timing-based side-channel flaw was found in libgcrypt\u0027s RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-2236"
},
{
"cve": "CVE-2024-2379",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-2379"
},
{
"cve": "CVE-2024-2398",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-2466",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "summary",
"text": "libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-2466"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-5742",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-5742"
},
{
"cve": "CVE-2024-6409",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"notes": [
{
"category": "summary",
"text": "A race condition vulnerability was discovered in how signals are handled by OpenSSH\u0027s server (sshd). If a remote attacker does not authenticate within a set time period, then sshd\u0027s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-6409"
},
{
"cve": "CVE-2024-7264",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "libcurl\u0027s ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-7264"
},
{
"cve": "CVE-2024-8096",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than \u0027revoked\u0027 (like for example \u0027unauthorized\u0027) it is not treated as a bad certficate.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-8096"
},
{
"cve": "CVE-2024-8176",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Use of the low-level GF(2m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we\u0027re aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2m)) curves that can\u0027t represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-26645",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26645"
},
{
"cve": "CVE-2024-26671",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26671"
},
{
"cve": "CVE-2024-26679",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ninet: read sk-\u003esk_family once in inet_recv_error()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26679"
},
{
"cve": "CVE-2024-26772",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()\r\n\r\nPlaces the logic for checking if the group\u0027s block bitmap is corrupt under\r\nthe protection of the group lock to avoid allocating blocks from the group\r\nwith a corrupted block bitmap.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26772"
},
{
"cve": "CVE-2024-26773",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26773"
},
{
"cve": "CVE-2024-26777",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: sis: Error out if pixclock equals zero",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26777"
},
{
"cve": "CVE-2024-26805",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in skb_datagram_iter.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26805"
},
{
"cve": "CVE-2024-26835",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: set dormant flag on hook register failure",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26835"
},
{
"cve": "CVE-2024-26863",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26863"
},
{
"cve": "CVE-2024-26878",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26878"
},
{
"cve": "CVE-2024-26880",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26880"
},
{
"cve": "CVE-2024-26898",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26898"
},
{
"cve": "CVE-2024-26901",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26901"
},
{
"cve": "CVE-2024-26923",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26923"
},
{
"cve": "CVE-2024-26957",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26957"
},
{
"cve": "CVE-2024-26973",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-26973"
},
{
"cve": "CVE-2024-27020",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in nft_expr_type_get().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-27020"
},
{
"cve": "CVE-2024-27032",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible that f2fs_reserve_new_block() will return -ENOSPC during recovery, then it may trigger panic. Also, if fault injection rate is 1 and only FAULT_BLOCK fault type is on, it may encounter deadloop in loop of block reservation. Let\u0027s change as below to fix these issues: - remove bug_on() to avoid panic. - limit the loop count of block reservation to avoid potential deadloop.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-27032"
},
{
"cve": "CVE-2024-27065",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-27065"
},
{
"cve": "CVE-2024-27074",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-27074"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-28834",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-28834"
},
{
"cve": "CVE-2024-28835",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "summary",
"text": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-28835"
},
{
"cve": "CVE-2024-33621",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-\u003esk in ipvlan_process_v4 / 6_outbound.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-33621"
},
{
"cve": "CVE-2024-34459",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-34459"
},
{
"cve": "CVE-2024-35807",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-35807"
},
{
"cve": "CVE-2024-35809",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-35809"
},
{
"cve": "CVE-2024-35830",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-35830"
},
{
"cve": "CVE-2024-35888",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspan_base_hdr is present in skb-\u003ehead.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-35888"
},
{
"cve": "CVE-2024-35910",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more often, and could test a patch I wrote two years ago. When TCP sockets are closed, we call inet_csk_clear_xmit_timers() to \u0027stop\u0027 the timers. inet_csk_clear_xmit_timers() can be called from any context, including when socket lock is held. This is the reason it uses sk_stop_timer(), aka del_timer(). This means that ongoing timers might finish much later. For user sockets, this is fine because each running timer holds a reference on the socket, and the user socket holds a reference on the netns. For kernel sockets, we risk that the netns is freed before timer can complete, because kernel sockets do not hold reference on the netns. This patch adds inet_csk_clear_xmit_timers_sync() function that using sk_stop_timer_sync() to make sure all timers are terminated before the kernel socket is released. Modules using kernel sockets close them in their netns exit() handler. Also add sock_not_owned_by_me() helper to get LOCKDEP support : inet_csk_clear_xmit_timers_sync() must not be called while socket lock is held. It is very possible we can revert in the future commit 3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\") which attempted to solve the issue in rds only. (net/smc/af_smc.c and net/mptcp/subflow.c have similar code) We probably can remove the check_net() tests from tcp_out_of_resources() and __tcp_close() in the future.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-35925",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "block: prevent division by zero in blk_rq_stat_sum()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-35925"
},
{
"cve": "CVE-2024-35944",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-35944"
},
{
"cve": "CVE-2024-36017",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_info) which is 14 bytes. The current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes) which is less than sizeof(struct ifla_vf_vlan_info) so this validation is not enough and a too small attribute might be cast to a struct ifla_vf_vlan_info, this might result in an out of bands read access when accessing the saved (casted) entry in ivvl.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-36017"
},
{
"cve": "CVE-2024-36286",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-36286"
},
{
"cve": "CVE-2024-36484",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-36484"
},
{
"cve": "CVE-2024-36904",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-36904"
},
{
"cve": "CVE-2024-36905",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-36905"
},
{
"cve": "CVE-2024-36934",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-36934"
},
{
"cve": "CVE-2024-37356",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcp_update_alpha().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-37356"
},
{
"cve": "CVE-2024-38596",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-38596"
},
{
"cve": "CVE-2024-38598",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-38598"
},
{
"cve": "CVE-2024-38612",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn\u0027t called. This issue exist since commit 46738b1317e1 (\"ipv6: sr: add option to control lwtunnel support\"), and commit 5559cea2d5aa (\"ipv6: sr: fix possible use-after-free and null-ptr-deref\") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-38612"
},
{
"cve": "CVE-2024-38621",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The -\u003elength is the length of the buffer. The -\u003ebytesused is how many bytes we have copied thus far. When the condition is reversed that means the result of the subtraction is always negative but since it\u0027s unsigned then the result is a very high positive value. That means the overflow check is never true. Additionally, the -\u003ebytesused doesn\u0027t actually work for this purpose because we\u0027re not writing to \"buf-\u003emem + buf-\u003ebytesused\". Instead, the math to calculate the destination where we are writing is a bit involved. You calculate the number of full lines already written, multiply by two, skip a line if necessary so that we start on an odd numbered line, and add the offset into the line. To fix this buffer overflow, just take the actual destination where we are writing, if the offset is already out of bounds print an error and return. Otherwise, write up to buf-\u003elength bytes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-38621"
},
{
"cve": "CVE-2024-38780",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-38780"
},
{
"cve": "CVE-2024-39292",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the winch is added to the winch_handlers list. If that happens, register_winch_irq() adds to that list a winch that is scheduled to be (or has already been) freed, causing a panic later in winch_cleanup(). Avoid the race by adding the winch to the winch_handlers list before registering the IRQ, and rolling back if um_request_irq() fails.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-39292"
},
{
"cve": "CVE-2024-39469",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory\u0027s inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-39469"
},
{
"cve": "CVE-2024-39487",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-39487"
},
{
"cve": "CVE-2024-39489",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it\u0027s going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-39489"
},
{
"cve": "CVE-2024-40901",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-40901"
},
{
"cve": "CVE-2024-40959",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-40959"
},
{
"cve": "CVE-2024-41046",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-41046"
},
{
"cve": "CVE-2024-42070",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-42070"
},
{
"cve": "CVE-2024-42096",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-42096"
},
{
"cve": "CVE-2024-42106",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-42106"
},
{
"cve": "CVE-2024-42131",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn\u0027t so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don\u0027t allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to \u003e16 TB.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-42131"
},
{
"cve": "CVE-2024-42154",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don\u0027t see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn\u0027t have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-42154"
},
{
"cve": "CVE-2024-43871",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-43871"
},
{
"cve": "CVE-2024-44944",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-44944"
},
{
"cve": "CVE-2024-44965",
"cwe": {
"id": "CWE-229",
"name": "Improper Handling of Values"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned. This is true on x86_64, but very much not true on i386. These assumptions can cause the end condition to malfunction, leading to a \u0027short\u0027 clone. Guess what happens when the user mapping has a short copy of the entry text? Use the correct increment form for addr to avoid alignment assumptions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-44965"
},
{
"cve": "CVE-2024-46743",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-46743"
},
{
"cve": "CVE-2024-46745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-46745"
},
{
"cve": "CVE-2024-46750",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-46750"
},
{
"cve": "CVE-2024-47684",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: check skb is non-NULL in tcp_rto_delta_us()\r\n\r\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\r\nkernel that are running ceph and recently hit a null ptr dereference in\r\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\r\nsaw it getting hit from the RACK case as well. Here are examples of the oops\r\nmessages we saw in each of those cases:\r\n\r\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\r\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\r\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\r\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\r\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\r\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\r\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\r\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\r\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\r\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\r\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\r\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\r\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\r\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\r\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\r\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\r\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\r\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\r\nJul 26 15:05:02 rx [11061395.919488]\r\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\r\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\r\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\r\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\r\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\r\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\r\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\r\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\r\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\r\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\r\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\r\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\r\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\r\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\r\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\r\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\r\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\r\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\r\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\r\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\r\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-47684"
},
{
"cve": "CVE-2024-47701",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47707",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: A NULL dereference vulnerability may occur in rt6_uncached_list_flush_dev() due to the necessary check being removed by a previous commit.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-47707"
},
{
"cve": "CVE-2024-47737",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-47737"
},
{
"cve": "CVE-2024-48881",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-48881"
},
{
"cve": "CVE-2024-49881",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-49881"
},
{
"cve": "CVE-2024-49884",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49948",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-49948"
},
{
"cve": "CVE-2024-49949",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-49949"
},
{
"cve": "CVE-2024-49952",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-49952"
},
{
"cve": "CVE-2024-49982",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 (\"aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb-\u003edev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb-\u003edev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-49982"
},
{
"cve": "CVE-2024-49997",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. This driver does not support statistics in the old 32-bit format or the new 64-bit format. These will be added in the future. In its current form, the patch should be easily backported to stable versions. Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets in hardware, so software padding must be applied.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-49997"
},
{
"cve": "CVE-2024-50006",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-50006"
},
{
"cve": "CVE-2024-50040",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-50040"
},
{
"cve": "CVE-2024-50045",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-50045"
},
{
"cve": "CVE-2024-50251",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50262",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-50262"
},
{
"cve": "CVE-2024-50299",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-50299"
},
{
"cve": "CVE-2024-50301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-50602",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-52332",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-52332"
},
{
"cve": "CVE-2024-52533",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing \u0027\\\\0\u0027 character.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-52533"
},
{
"cve": "CVE-2024-53057",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53124",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "net: fix data-races around sk sk_forward_alloc.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-53140",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - (optional) kicks off the dumping process - dump - actual dump helper, keeps getting called until it returns 0 - done - (optional) pairs with .start, can be used for cleanup The whole process is asynchronous and the repeated calls to .dump don\u0027t actually happen in a tight loop, but rather are triggered in response to recvmsg() on the socket. This gives the user full control over the dump, but also means that the user can close the socket without getting to the end of the dump. To make sure .start is always paired with .done we check if there is an ongoing dump before freeing the socket, and if so call .done. The complication is that sockets can get freed from BH and .done is allowed to sleep. So we use a workqueue to defer the call, when needed. Unfortunately this does not work correctly. What we defer is not the cleanup but rather releasing a reference on the socket. We have no guarantee that we own the last reference, if someone else holds the socket they may release it in BH and we\u0027re back to square one. The whole dance, however, appears to be unnecessary. Only the user can interact with dumps, so we can clean up when socket is closed. And close always happens in process context. Some async code may still access the socket after close, queue notification skbs to it etc. but no dumps can start, end or otherwise make progress. Delete the workqueue and flush the dump state directly from the release handler. Note that further cleanup is possible in -next, for instance we now always call .done before releasing the main module reference, so dump doesn\u0027t have to take a reference of its own.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53164",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch-\u003eq.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-53164"
},
{
"cve": "CVE-2024-53165",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let\u0027s only add it to the list after everything has succeeded.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-53165"
},
{
"cve": "CVE-2024-53217",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-53217"
},
{
"cve": "CVE-2024-56433",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"notes": [
{
"category": "summary",
"text": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56433"
},
{
"cve": "CVE-2024-56569",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo \"write*:mod:ext3\" \u003e /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f (\"ftrace: Fix regression with module command in stack_trace_filter\") has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56569"
},
{
"cve": "CVE-2024-56570",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function.This is important because such inodes can cause errors in overlayfs when passed to the lowerstack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56570"
},
{
"cve": "CVE-2024-56600",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56600"
},
{
"cve": "CVE-2024-56601",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56601"
},
{
"cve": "CVE-2024-56606",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56606"
},
{
"cve": "CVE-2024-56644",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56644"
},
{
"cve": "CVE-2024-56650",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56650"
},
{
"cve": "CVE-2024-56770",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"notes": [
{
"category": "summary",
"text": "net/sched: netem: The interface fully stops transferring packets and \"locks\". In this case, the child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at its limit and no more packets are accepted.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-56779",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur\r\n\r\nThe action force umount(umount -f) will attempt to kill all rpc_task even\r\numount operation may ultimately fail if some files remain open.\r\nConsequently, if an action attempts to open a file, it can potentially\r\nsend two rpc_task to nfs server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56779"
},
{
"cve": "CVE-2024-56780",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-56780"
},
{
"cve": "CVE-2024-57884",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\r\n\r\nThe task sometimes continues looping in throttle_direct_reclaim() because\r\nallow_direct_reclaim(pgdat) keeps returning false.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-57884"
},
{
"cve": "CVE-2024-57901",
"cwe": {
"id": "CWE-664",
"name": "Improper Control of a Resource Through its Lifetime"
},
"notes": [
{
"category": "summary",
"text": "af_packet: vlan_get_protocol_dgram() vs MSG_PEEK Blamed allowing a crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2024-57901"
},
{
"cve": "CVE-2025-0167",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-0167"
},
{
"cve": "CVE-2025-0395",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-0395"
},
{
"cve": "CVE-2025-0665",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"notes": [
{
"category": "summary",
"text": "libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-0665"
},
{
"cve": "CVE-2025-0725",
"cwe": {
"id": "CWE-680",
"name": "Integer Overflow to Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-0725"
},
{
"cve": "CVE-2025-1390",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "The PAM module pam_cap.so of libcap configuration supports group names starting with \u201c@\u201d, during actual parsing, configurations not starting with \u201c@\u201d are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-1390"
},
{
"cve": "CVE-2025-3277",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow can be triggered in SQLite\u0027s \u0027concat_ws()\u0027 function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be triggered. This can result in arbitrary code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-3277"
},
{
"cve": "CVE-2025-3360",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "1. Describe what is the vulnerability about, e.g.:\n Affected devices do not properly validate input in the hack-me endpoint of the web service.\n\n 2. Describe what an attacker could do with it - e.g.:\n This could allow an unauthenticated remote attacker to execute arbitrary code on the device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0.0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-3360"
},
{
"cve": "CVE-2025-21694",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "fs/proc: softlockup in __read_vmcore",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-21694"
},
{
"cve": "CVE-2025-26466",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-26466"
},
{
"cve": "CVE-2025-29087",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In SQLite, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-29087"
},
{
"cve": "CVE-2025-29088",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability in sqlite allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-29088"
},
{
"cve": "CVE-2025-32728",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "summary",
"text": "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.1.5 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109478459/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2025-32728"
}
]
}
CERTFR-2025-AVI-0349
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2021-47119",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47119"
},
{
"name": "CVE-2021-47219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47219"
},
{
"name": "CVE-2024-23848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23848"
},
{
"name": "CVE-2024-26915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26915"
},
{
"name": "CVE-2024-26928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26928"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2024-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35887"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-38588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38588"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2024-41014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41014"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-42122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42122"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2024-49906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49906"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50226"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49893"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50139"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50158"
},
{
"name": "CVE-2024-50159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50159"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50169"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50172"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-50216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50216"
},
{
"name": "CVE-2024-50221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50221"
},
{
"name": "CVE-2024-50224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50224"
},
{
"name": "CVE-2024-50225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50225"
},
{
"name": "CVE-2024-50231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50231"
},
{
"name": "CVE-2024-50240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50240"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2024-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53045"
},
{
"name": "CVE-2024-53048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53048"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53068"
},
{
"name": "CVE-2024-53076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53076"
},
{
"name": "CVE-2024-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53079"
},
{
"name": "CVE-2024-53085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53085"
},
{
"name": "CVE-2024-53094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53094"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53108"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-50203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50203"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53050"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53111"
},
{
"name": "CVE-2024-53117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53117"
},
{
"name": "CVE-2024-53118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53118"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53126"
},
{
"name": "CVE-2024-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53133"
},
{
"name": "CVE-2024-53134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53134"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53160"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53188"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53191"
},
{
"name": "CVE-2024-53200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53200"
},
{
"name": "CVE-2024-53201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53201"
},
{
"name": "CVE-2024-53202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53202"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53222"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56551"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56566"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-56582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56582"
},
{
"name": "CVE-2024-56599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56599"
},
{
"name": "CVE-2024-56604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56752"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2024-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53185"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56573"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-56577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56577"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
},
{
"name": "CVE-2024-56609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
},
{
"name": "CVE-2024-56611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56620"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56632"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56635"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56649",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56649"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56775"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-57925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
},
{
"name": "CVE-2024-57939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50104"
},
{
"name": "CVE-2024-50105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50105"
},
{
"name": "CVE-2024-50107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50107"
},
{
"name": "CVE-2024-50111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50111"
},
{
"name": "CVE-2024-50112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50112"
},
{
"name": "CVE-2024-50118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50118"
},
{
"name": "CVE-2024-50120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50120"
},
{
"name": "CVE-2024-50137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50137"
},
{
"name": "CVE-2024-50140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50140"
},
{
"name": "CVE-2024-50152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50152"
},
{
"name": "CVE-2024-50170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50170"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-50206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50206"
},
{
"name": "CVE-2024-50207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50207"
},
{
"name": "CVE-2024-50220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50220"
},
{
"name": "CVE-2024-50222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50222"
},
{
"name": "CVE-2024-50223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50223"
},
{
"name": "CVE-2024-50238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50238"
},
{
"name": "CVE-2024-50239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50239"
},
{
"name": "CVE-2024-50263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50263"
},
{
"name": "CVE-2024-50270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50270"
},
{
"name": "CVE-2024-50285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50285"
},
{
"name": "CVE-2024-50288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50288"
},
{
"name": "CVE-2024-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50291"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-50297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50297"
},
{
"name": "CVE-2024-50300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50300"
},
{
"name": "CVE-2024-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50303"
},
{
"name": "CVE-2024-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53044"
},
{
"name": "CVE-2024-53046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53046"
},
{
"name": "CVE-2024-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53053"
},
{
"name": "CVE-2024-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53062"
},
{
"name": "CVE-2024-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53067"
},
{
"name": "CVE-2024-53083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53083"
},
{
"name": "CVE-2024-53084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53084"
},
{
"name": "CVE-2024-53086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53086"
},
{
"name": "CVE-2024-53087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53087"
},
{
"name": "CVE-2024-53089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53089"
},
{
"name": "CVE-2024-53107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53107"
},
{
"name": "CVE-2024-53109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53109"
},
{
"name": "CVE-2024-53115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53115"
},
{
"name": "CVE-2024-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53139"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53163"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2024-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53219"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
},
{
"name": "CVE-2024-53223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53223"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53228"
},
{
"name": "CVE-2024-56540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56540"
},
{
"name": "CVE-2024-56545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56545"
},
{
"name": "CVE-2024-56685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56685"
},
{
"name": "CVE-2024-56689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56689"
},
{
"name": "CVE-2024-56692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56692"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56721"
},
{
"name": "CVE-2024-56742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56742"
},
{
"name": "CVE-2024-56744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56744"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
},
{
"name": "CVE-2024-56579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56579"
},
{
"name": "CVE-2024-56647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56647"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-21700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21700"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2024-56626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
},
{
"name": "CVE-2024-56627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-56783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56783"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2024-57841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2024-57901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
},
{
"name": "CVE-2024-57902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2022-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0995"
},
{
"name": "CVE-2024-41932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41932"
},
{
"name": "CVE-2024-41935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41935"
},
{
"name": "CVE-2024-47794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47794"
},
{
"name": "CVE-2024-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48875"
},
{
"name": "CVE-2024-48876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48876"
},
{
"name": "CVE-2024-56550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56550"
},
{
"name": "CVE-2024-56561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56561"
},
{
"name": "CVE-2024-56565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56565"
},
{
"name": "CVE-2024-56580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56580"
},
{
"name": "CVE-2024-56583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56583"
},
{
"name": "CVE-2024-56613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56613"
},
{
"name": "CVE-2024-56621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56621"
},
{
"name": "CVE-2024-56638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56638"
},
{
"name": "CVE-2024-56771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56771"
},
{
"name": "CVE-2024-56772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56772"
},
{
"name": "CVE-2024-56773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56773"
},
{
"name": "CVE-2024-56782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56782"
},
{
"name": "CVE-2024-56786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56786"
},
{
"name": "CVE-2024-57843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57843"
},
{
"name": "CVE-2024-57872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57872"
},
{
"name": "CVE-2024-58087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58087"
},
{
"name": "CVE-2025-21701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21701"
},
{
"name": "CVE-2025-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21703"
},
{
"name": "CVE-2025-21693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21693"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2025-21831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21831"
},
{
"name": "CVE-2025-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
},
{
"name": "CVE-2025-21993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21993"
},
{
"name": "CVE-2024-44955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44955"
},
{
"name": "CVE-2024-50032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50032"
},
{
"name": "CVE-2024-57950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57950"
},
{
"name": "CVE-2024-57952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57952"
},
{
"name": "CVE-2025-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21672"
},
{
"name": "CVE-2025-21677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21677"
},
{
"name": "CVE-2025-21685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21685"
},
{
"name": "CVE-2025-21691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21691"
},
{
"name": "CVE-2025-21695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21695"
},
{
"name": "CVE-2025-21696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21696"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0349",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7459-1",
"url": "https://ubuntu.com/security/notices/USN-7459-1"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7451-1",
"url": "https://ubuntu.com/security/notices/USN-7451-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7449-2",
"url": "https://ubuntu.com/security/notices/USN-7449-2"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7450-1",
"url": "https://ubuntu.com/security/notices/USN-7450-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7461-1",
"url": "https://ubuntu.com/security/notices/USN-7461-1"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7453-1",
"url": "https://ubuntu.com/security/notices/USN-7453-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7462-1",
"url": "https://ubuntu.com/security/notices/USN-7462-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7463-1",
"url": "https://ubuntu.com/security/notices/USN-7463-1"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7445-1",
"url": "https://ubuntu.com/security/notices/USN-7445-1"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7448-1",
"url": "https://ubuntu.com/security/notices/USN-7448-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7461-2",
"url": "https://ubuntu.com/security/notices/USN-7461-2"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-1",
"url": "https://ubuntu.com/security/notices/USN-7455-1"
},
{
"published_at": "2025-04-22",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7402-5",
"url": "https://ubuntu.com/security/notices/USN-7402-5"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-2",
"url": "https://ubuntu.com/security/notices/USN-7455-2"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7460-1",
"url": "https://ubuntu.com/security/notices/USN-7460-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7462-2",
"url": "https://ubuntu.com/security/notices/USN-7462-2"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7452-1",
"url": "https://ubuntu.com/security/notices/USN-7452-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7458-1",
"url": "https://ubuntu.com/security/notices/USN-7458-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-3",
"url": "https://ubuntu.com/security/notices/USN-7455-3"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7449-1",
"url": "https://ubuntu.com/security/notices/USN-7449-1"
}
]
}
CERTFR-2024-AVI-1078
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.2 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.2 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.2 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 8 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 9 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 8 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 9 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 8 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 9 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 9 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 9 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 9 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 9 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 8.8 x86_64 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 8 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 9 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.2 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.2 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.2 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 8 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 9 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.2 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 8 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 9 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 8 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 9 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 8 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 9 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 9 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 9 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 9 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 8.8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-26830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26830"
},
{
"name": "CVE-2024-27062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27062"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-46695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-38564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-44994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44994"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1078",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Red Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10939",
"url": "https://access.redhat.com/errata/RHSA-2024:10939"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10945",
"url": "https://access.redhat.com/errata/RHSA-2024:10945"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10942",
"url": "https://access.redhat.com/errata/RHSA-2024:10942"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10943",
"url": "https://access.redhat.com/errata/RHSA-2024:10943"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10944",
"url": "https://access.redhat.com/errata/RHSA-2024:10944"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10946",
"url": "https://access.redhat.com/errata/RHSA-2024:10946"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10941",
"url": "https://access.redhat.com/errata/RHSA-2024:10941"
}
]
}
CERTFR-2025-AVI-0152
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26800"
},
{
"name": "CVE-2024-26921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26921"
},
{
"name": "CVE-2024-38630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38630"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-47681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47681"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47687"
},
{
"name": "CVE-2024-47688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47688"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47702"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47714"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47719"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47732"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47741"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47744"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47752"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49862"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49864"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49874"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49906"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49908"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49947"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49953"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50081"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50226"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49893"
},
{
"name": "CVE-2024-49904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49904"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49910"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49916"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50003"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-49976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49976"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50100"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50102"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50139"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2024-50158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50158"
},
{
"name": "CVE-2024-50159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50159"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50169"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50172"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50177"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50216"
},
{
"name": "CVE-2024-50221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50221"
},
{
"name": "CVE-2024-50224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50224"
},
{
"name": "CVE-2024-50225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50225"
},
{
"name": "CVE-2024-50231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50231"
},
{
"name": "CVE-2024-50240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50240"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2024-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53045"
},
{
"name": "CVE-2024-53048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53048"
},
{
"name": "CVE-2024-53056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53056"
},
{
"name": "CVE-2024-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53068"
},
{
"name": "CVE-2024-53074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53074"
},
{
"name": "CVE-2024-53076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53076"
},
{
"name": "CVE-2024-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53079"
},
{
"name": "CVE-2024-53085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53085"
},
{
"name": "CVE-2024-53094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53094"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53108"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-50011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50011"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-50203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50203"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53111"
},
{
"name": "CVE-2024-53117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53117"
},
{
"name": "CVE-2024-53118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53118"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53126"
},
{
"name": "CVE-2024-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53133"
},
{
"name": "CVE-2024-53134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53134"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53160"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53188"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53191"
},
{
"name": "CVE-2024-53200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53200"
},
{
"name": "CVE-2024-53202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53202"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53216"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56536"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56752"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-53238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53238"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-46869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46869"
},
{
"name": "CVE-2024-47676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47676"
},
{
"name": "CVE-2024-47677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47677"
},
{
"name": "CVE-2024-47680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47680"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47694"
},
{
"name": "CVE-2024-47700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47700"
},
{
"name": "CVE-2024-47708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47708"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47716"
},
{
"name": "CVE-2024-47717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47717"
},
{
"name": "CVE-2024-47721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47721"
},
{
"name": "CVE-2024-47724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47724"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-47733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47733"
},
{
"name": "CVE-2024-47736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47736"
},
{
"name": "CVE-2024-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47746"
},
{
"name": "CVE-2024-49857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49857"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-49869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49869"
},
{
"name": "CVE-2024-49872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49872"
},
{
"name": "CVE-2024-49873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49873"
},
{
"name": "CVE-2024-49876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49876"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49885"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49932"
},
{
"name": "CVE-2024-49940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49940"
},
{
"name": "CVE-2024-49941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49941"
},
{
"name": "CVE-2024-49942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49942"
},
{
"name": "CVE-2024-49943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49943"
},
{
"name": "CVE-2024-49956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49956"
},
{
"name": "CVE-2024-49964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49964"
},
{
"name": "CVE-2024-49970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49970"
},
{
"name": "CVE-2024-49971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49971"
},
{
"name": "CVE-2024-49979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49979"
},
{
"name": "CVE-2024-49980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49980"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-49999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49999"
},
{
"name": "CVE-2024-50005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50005"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50034"
},
{
"name": "CVE-2024-50037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50037"
},
{
"name": "CVE-2024-50043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50043"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50071"
},
{
"name": "CVE-2024-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50079"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50091"
},
{
"name": "CVE-2024-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50092"
},
{
"name": "CVE-2024-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50094"
},
{
"name": "CVE-2024-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50104"
},
{
"name": "CVE-2024-50105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50105"
},
{
"name": "CVE-2024-50107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50107"
},
{
"name": "CVE-2024-50109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50109"
},
{
"name": "CVE-2024-50111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50111"
},
{
"name": "CVE-2024-50112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50112"
},
{
"name": "CVE-2024-50113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50113"
},
{
"name": "CVE-2024-50114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50114"
},
{
"name": "CVE-2024-50118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50118"
},
{
"name": "CVE-2024-50119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50119"
},
{
"name": "CVE-2024-50120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50120"
},
{
"name": "CVE-2024-50122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50122"
},
{
"name": "CVE-2024-50123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50123"
},
{
"name": "CVE-2024-50129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50129"
},
{
"name": "CVE-2024-50132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50132"
},
{
"name": "CVE-2024-50137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50137"
},
{
"name": "CVE-2024-50140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50140"
},
{
"name": "CVE-2024-50144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50144"
},
{
"name": "CVE-2024-50149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50149"
},
{
"name": "CVE-2024-50152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50152"
},
{
"name": "CVE-2024-50161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50161"
},
{
"name": "CVE-2024-50165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50165"
},
{
"name": "CVE-2024-50170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50170"
},
{
"name": "CVE-2024-50173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50173"
},
{
"name": "CVE-2024-50174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50174"
},
{
"name": "CVE-2024-50178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50178"
},
{
"name": "CVE-2024-50190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50190"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-50204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50204"
},
{
"name": "CVE-2024-50206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50206"
},
{
"name": "CVE-2024-50207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50207"
},
{
"name": "CVE-2024-50212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50212"
},
{
"name": "CVE-2024-50213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50213"
},
{
"name": "CVE-2024-50214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50214"
},
{
"name": "CVE-2024-50217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50217"
},
{
"name": "CVE-2024-50220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50220"
},
{
"name": "CVE-2024-50222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50222"
},
{
"name": "CVE-2024-50223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50223"
},
{
"name": "CVE-2024-50227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50227"
},
{
"name": "CVE-2024-50238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50238"
},
{
"name": "CVE-2024-50239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50239"
},
{
"name": "CVE-2024-50253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50253"
},
{
"name": "CVE-2024-50254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50254"
},
{
"name": "CVE-2024-50260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50260"
},
{
"name": "CVE-2024-50263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50263"
},
{
"name": "CVE-2024-50266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50266"
},
{
"name": "CVE-2024-50270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50270"
},
{
"name": "CVE-2024-50277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50277"
},
{
"name": "CVE-2024-50281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50281"
},
{
"name": "CVE-2024-50285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50285"
},
{
"name": "CVE-2024-50288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50288"
},
{
"name": "CVE-2024-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50291"
},
{
"name": "CVE-2024-50293",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50293"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-50297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50297"
},
{
"name": "CVE-2024-50300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50300"
},
{
"name": "CVE-2024-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50303"
},
{
"name": "CVE-2024-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53044"
},
{
"name": "CVE-2024-53046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53046"
},
{
"name": "CVE-2024-53049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53049"
},
{
"name": "CVE-2024-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53053"
},
{
"name": "CVE-2024-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53062"
},
{
"name": "CVE-2024-53065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53065"
},
{
"name": "CVE-2024-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53067"
},
{
"name": "CVE-2024-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53069"
},
{
"name": "CVE-2024-53071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53071"
},
{
"name": "CVE-2024-53075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53075"
},
{
"name": "CVE-2024-53077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53077"
},
{
"name": "CVE-2024-53078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53078"
},
{
"name": "CVE-2024-53080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53080"
},
{
"name": "CVE-2024-53083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53083"
},
{
"name": "CVE-2024-53084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53084"
},
{
"name": "CVE-2024-53086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53086"
},
{
"name": "CVE-2024-53087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53087"
},
{
"name": "CVE-2024-53089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53089"
},
{
"name": "CVE-2024-53092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53092"
},
{
"name": "CVE-2024-53098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53098"
},
{
"name": "CVE-2024-53107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53107"
},
{
"name": "CVE-2024-53109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53109"
},
{
"name": "CVE-2024-53115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53115"
},
{
"name": "CVE-2024-53116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53116"
},
{
"name": "CVE-2024-53132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53132"
},
{
"name": "CVE-2024-53137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53137"
},
{
"name": "CVE-2024-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53139"
},
{
"name": "CVE-2024-53143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53143"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53149"
},
{
"name": "CVE-2024-53152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53152"
},
{
"name": "CVE-2024-53153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53153"
},
{
"name": "CVE-2024-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53163"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53167"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53189"
},
{
"name": "CVE-2024-53192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53192"
},
{
"name": "CVE-2024-53193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53193"
},
{
"name": "CVE-2024-53199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53199"
},
{
"name": "CVE-2024-53212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53212"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2024-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53219"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
},
{
"name": "CVE-2024-53223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53223"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53228"
},
{
"name": "CVE-2024-56534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56534"
},
{
"name": "CVE-2024-56535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56535"
},
{
"name": "CVE-2024-56537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56537"
},
{
"name": "CVE-2024-56540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56540"
},
{
"name": "CVE-2024-56541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56541"
},
{
"name": "CVE-2024-56544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56544"
},
{
"name": "CVE-2024-56545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56545"
},
{
"name": "CVE-2024-56674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56674"
},
{
"name": "CVE-2024-56680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56680"
},
{
"name": "CVE-2024-56684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56684"
},
{
"name": "CVE-2024-56685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56685"
},
{
"name": "CVE-2024-56689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56689"
},
{
"name": "CVE-2024-56692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56692"
},
{
"name": "CVE-2024-56696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56696"
},
{
"name": "CVE-2024-56697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56697"
},
{
"name": "CVE-2024-56699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56699"
},
{
"name": "CVE-2024-56702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56702"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56721"
},
{
"name": "CVE-2024-56742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56742"
},
{
"name": "CVE-2024-56744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56744"
},
{
"name": "CVE-2024-56749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56749"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0152",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-02-20",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0109-1",
"url": "https://ubuntu.com/security/notices/LSN-0109-1"
},
{
"published_at": "2025-02-19",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7277-1",
"url": "https://ubuntu.com/security/notices/USN-7277-1"
},
{
"published_at": "2025-02-19",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7276-1",
"url": "https://ubuntu.com/security/notices/USN-7276-1"
}
]
}
CERTFR-2025-AVI-0002
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 6.1.119-1~deb11u1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2024-27072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27072"
},
{
"name": "CVE-2024-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
},
{
"name": "CVE-2024-35963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35963"
},
{
"name": "CVE-2024-35964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35964"
},
{
"name": "CVE-2024-35966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35966"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2024-36894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36894"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-26952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26952"
},
{
"name": "CVE-2024-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26954"
},
{
"name": "CVE-2024-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36478"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-36923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36923"
},
{
"name": "CVE-2024-36978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36978"
},
{
"name": "CVE-2024-37078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37078"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
},
{
"name": "CVE-2024-39469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39469"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2023-52760",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52760"
},
{
"name": "CVE-2024-25741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25741"
},
{
"name": "CVE-2024-36973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36973"
},
{
"name": "CVE-2024-39298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39298"
},
{
"name": "CVE-2024-39371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39371"
},
{
"name": "CVE-2024-39474",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39474"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-39494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39494"
},
{
"name": "CVE-2024-39495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39495"
},
{
"name": "CVE-2024-39496",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39496"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-39500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39500"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"name": "CVE-2024-39503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
},
{
"name": "CVE-2024-39505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39505"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-39507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39507"
},
{
"name": "CVE-2024-39509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39509"
},
{
"name": "CVE-2024-39510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39510"
},
{
"name": "CVE-2024-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40899"
},
{
"name": "CVE-2024-40900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40900"
},
{
"name": "CVE-2024-40901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-40903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40903"
},
{
"name": "CVE-2024-40904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40904"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40906"
},
{
"name": "CVE-2024-40908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40908"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40912"
},
{
"name": "CVE-2024-40913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40913"
},
{
"name": "CVE-2024-40914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40914"
},
{
"name": "CVE-2024-40915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40915"
},
{
"name": "CVE-2024-40916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40916"
},
{
"name": "CVE-2024-40919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40919"
},
{
"name": "CVE-2024-40920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40920"
},
{
"name": "CVE-2024-40921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40921"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-40929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40929"
},
{
"name": "CVE-2024-40931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40931"
},
{
"name": "CVE-2024-40932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40932"
},
{
"name": "CVE-2024-40934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40934"
},
{
"name": "CVE-2024-40935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40935"
},
{
"name": "CVE-2024-40937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40937"
},
{
"name": "CVE-2024-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40938"
},
{
"name": "CVE-2024-40939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40939"
},
{
"name": "CVE-2024-40940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40940"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2024-40942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40942"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-40947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40947"
},
{
"name": "CVE-2024-40948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40948"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-40956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40956"
},
{
"name": "CVE-2024-40957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40957"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2024-40960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
},
{
"name": "CVE-2024-40963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40963"
},
{
"name": "CVE-2024-40966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40966"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-40968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40968"
},
{
"name": "CVE-2024-40970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40970"
},
{
"name": "CVE-2024-40971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40971"
},
{
"name": "CVE-2024-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
},
{
"name": "CVE-2024-40976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40976"
},
{
"name": "CVE-2024-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40977"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2024-40987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40987"
},
{
"name": "CVE-2024-40988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40988"
},
{
"name": "CVE-2024-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
},
{
"name": "CVE-2024-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40990"
},
{
"name": "CVE-2024-40993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40993"
},
{
"name": "CVE-2024-40994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40994"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-40996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40996"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-41001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41001"
},
{
"name": "CVE-2024-41002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41002"
},
{
"name": "CVE-2024-41004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41004"
},
{
"name": "CVE-2024-41005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41005"
},
{
"name": "CVE-2024-41006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41006"
},
{
"name": "CVE-2023-52812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52812"
},
{
"name": "CVE-2024-36914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36914"
},
{
"name": "CVE-2024-39472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
},
{
"name": "CVE-2024-40972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
},
{
"name": "CVE-2024-41017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41017"
},
{
"name": "CVE-2024-41090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41090"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-41048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41048"
},
{
"name": "CVE-2024-41057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41057"
},
{
"name": "CVE-2024-41058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41058"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-41069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41069"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-41071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41071"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2024-42093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42093"
},
{
"name": "CVE-2024-42096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41034"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41046"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-41077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41077"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42102"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42154"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-36244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36244"
},
{
"name": "CVE-2024-38632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38632"
},
{
"name": "CVE-2024-41027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41027"
},
{
"name": "CVE-2024-41047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41047"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42068"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-42080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42080"
},
{
"name": "CVE-2024-42084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42084"
},
{
"name": "CVE-2024-42085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42085"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-42094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42094"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-42097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42097"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42109"
},
{
"name": "CVE-2024-42130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42130"
},
{
"name": "CVE-2024-42140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42140"
},
{
"name": "CVE-2024-42225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42225"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-42270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42270"
},
{
"name": "CVE-2023-52889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52889"
},
{
"name": "CVE-2024-41028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41028"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2024-41038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41038"
},
{
"name": "CVE-2024-41039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41039"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-41050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41050"
},
{
"name": "CVE-2024-41051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41051"
},
{
"name": "CVE-2024-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41056"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2024-41074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41074"
},
{
"name": "CVE-2024-41075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41075"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-42073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42073"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-42126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42126"
},
{
"name": "CVE-2024-42136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42136"
},
{
"name": "CVE-2024-42138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42138"
},
{
"name": "CVE-2024-42142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42142"
},
{
"name": "CVE-2024-42147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42147"
},
{
"name": "CVE-2024-42159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42159"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42245"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-42250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42250"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2024-42259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
},
{
"name": "CVE-2024-42268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42268"
},
{
"name": "CVE-2024-42269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42269"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-42274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42274"
},
{
"name": "CVE-2024-42276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42276"
},
{
"name": "CVE-2024-42277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42277"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2024-42283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42283"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2024-42290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42290"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-42295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42295"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-42302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42302"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-42313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42313"
},
{
"name": "CVE-2024-42314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42314"
},
{
"name": "CVE-2024-42316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42316"
},
{
"name": "CVE-2024-42318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42318"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-43817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43817"
},
{
"name": "CVE-2024-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43818"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2024-43829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43829"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-43833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43833"
},
{
"name": "CVE-2024-43834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43834"
},
{
"name": "CVE-2024-43837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43837"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43841"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2024-43846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43846"
},
{
"name": "CVE-2024-43849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43849"
},
{
"name": "CVE-2024-43851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43851"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43855"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2024-43860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43860"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-43873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43873"
},
{
"name": "CVE-2024-43875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43875"
},
{
"name": "CVE-2024-43876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43876"
},
{
"name": "CVE-2024-43877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43877"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2024-43895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43895"
},
{
"name": "CVE-2024-43897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43897"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2024-43909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43909"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-43912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43912"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2024-42160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42160"
},
{
"name": "CVE-2024-45003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45003"
},
{
"name": "CVE-2024-43835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43835"
},
{
"name": "CVE-2024-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43859"
},
{
"name": "CVE-2024-44940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44940"
},
{
"name": "CVE-2024-44946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44946"
},
{
"name": "CVE-2024-44974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44974"
},
{
"name": "CVE-2024-44977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44977"
},
{
"name": "CVE-2024-44982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44982"
},
{
"name": "CVE-2024-44983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44983"
},
{
"name": "CVE-2024-44985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44985"
},
{
"name": "CVE-2024-44986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44986"
},
{
"name": "CVE-2024-44987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44987"
},
{
"name": "CVE-2024-44988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44988"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2024-44991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44991"
},
{
"name": "CVE-2024-44995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44995"
},
{
"name": "CVE-2024-44998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44998"
},
{
"name": "CVE-2024-44999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44999"
},
{
"name": "CVE-2024-45000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45000"
},
{
"name": "CVE-2024-45002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45002"
},
{
"name": "CVE-2024-45006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45006"
},
{
"name": "CVE-2024-45007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45007"
},
{
"name": "CVE-2024-45008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45008"
},
{
"name": "CVE-2024-45009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45009"
},
{
"name": "CVE-2024-45010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45010"
},
{
"name": "CVE-2024-45011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45011"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-45019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45019"
},
{
"name": "CVE-2024-45021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45021"
},
{
"name": "CVE-2024-45022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45022"
},
{
"name": "CVE-2024-45025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45025"
},
{
"name": "CVE-2024-45026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45026"
},
{
"name": "CVE-2024-45028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45028"
},
{
"name": "CVE-2024-45029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45029"
},
{
"name": "CVE-2024-46673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46673"
},
{
"name": "CVE-2024-46674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46674"
},
{
"name": "CVE-2024-46675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46675"
},
{
"name": "CVE-2024-46676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46676"
},
{
"name": "CVE-2024-46677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46677"
},
{
"name": "CVE-2024-46679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46679"
},
{
"name": "CVE-2024-46685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46685"
},
{
"name": "CVE-2024-46686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46686"
},
{
"name": "CVE-2024-46689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46689"
},
{
"name": "CVE-2024-46694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46694"
},
{
"name": "CVE-2024-46702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46702"
},
{
"name": "CVE-2024-46707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46707"
},
{
"name": "CVE-2024-46711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46711"
},
{
"name": "CVE-2024-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46713"
},
{
"name": "CVE-2024-46714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46714"
},
{
"name": "CVE-2024-46715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46715"
},
{
"name": "CVE-2024-46716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46716"
},
{
"name": "CVE-2024-46717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46717"
},
{
"name": "CVE-2024-46719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46719"
},
{
"name": "CVE-2024-46720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46720"
},
{
"name": "CVE-2024-46721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46721"
},
{
"name": "CVE-2024-46722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46722"
},
{
"name": "CVE-2024-46723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46723"
},
{
"name": "CVE-2024-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46724"
},
{
"name": "CVE-2024-46725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46725"
},
{
"name": "CVE-2024-46726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46726"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46732"
},
{
"name": "CVE-2024-46734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46734"
},
{
"name": "CVE-2024-46735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46735"
},
{
"name": "CVE-2024-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46737"
},
{
"name": "CVE-2024-46738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46738"
},
{
"name": "CVE-2024-46739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46739"
},
{
"name": "CVE-2024-46740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46740"
},
{
"name": "CVE-2024-46743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46743"
},
{
"name": "CVE-2024-46744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46744"
},
{
"name": "CVE-2024-46745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46745"
},
{
"name": "CVE-2024-46746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46746"
},
{
"name": "CVE-2024-46747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46747"
},
{
"name": "CVE-2024-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46750"
},
{
"name": "CVE-2024-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46752"
},
{
"name": "CVE-2024-46755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46755"
},
{
"name": "CVE-2024-46756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46756"
},
{
"name": "CVE-2024-46757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46757"
},
{
"name": "CVE-2024-46758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46758"
},
{
"name": "CVE-2024-46759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46759"
},
{
"name": "CVE-2024-46761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46761"
},
{
"name": "CVE-2024-46763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46763"
},
{
"name": "CVE-2024-46770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46770"
},
{
"name": "CVE-2024-46771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46771"
},
{
"name": "CVE-2024-46773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46773"
},
{
"name": "CVE-2024-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46777"
},
{
"name": "CVE-2024-46780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46780"
},
{
"name": "CVE-2024-46781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46781"
},
{
"name": "CVE-2024-46782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46782"
},
{
"name": "CVE-2024-46783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46783"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-46791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46791"
},
{
"name": "CVE-2024-46794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46794"
},
{
"name": "CVE-2024-46795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46795"
},
{
"name": "CVE-2024-46798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46798"
},
{
"name": "CVE-2024-46800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46800"
},
{
"name": "CVE-2024-46802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46802"
},
{
"name": "CVE-2024-46804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46804"
},
{
"name": "CVE-2024-46805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46805"
},
{
"name": "CVE-2024-46807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46807"
},
{
"name": "CVE-2024-46810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46810"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-46815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46815"
},
{
"name": "CVE-2024-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46817"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2024-46819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46819"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-46822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46822"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46828"
},
{
"name": "CVE-2024-46829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46829"
},
{
"name": "CVE-2024-46830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46830"
},
{
"name": "CVE-2024-46832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46832"
},
{
"name": "CVE-2024-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46835"
},
{
"name": "CVE-2024-46836",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46836"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2024-46844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46844"
},
{
"name": "CVE-2024-46846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46846"
},
{
"name": "CVE-2024-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46848"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46852"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-46855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46855"
},
{
"name": "CVE-2024-46857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46857"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-46859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46859"
},
{
"name": "CVE-2024-46865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46865"
},
{
"name": "CVE-2024-42272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42272"
},
{
"name": "CVE-2024-42297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42297"
},
{
"name": "CVE-2024-44968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44968"
},
{
"name": "CVE-2024-42265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42265"
},
{
"name": "CVE-2024-42304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42304"
},
{
"name": "CVE-2024-42305",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42305"
},
{
"name": "CVE-2024-42306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42306"
},
{
"name": "CVE-2024-43828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43828"
},
{
"name": "CVE-2024-43832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43832"
},
{
"name": "CVE-2024-43870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43870"
},
{
"name": "CVE-2024-43890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43890"
},
{
"name": "CVE-2024-43914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43914"
},
{
"name": "CVE-2024-44935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44935"
},
{
"name": "CVE-2024-44944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44944"
},
{
"name": "CVE-2024-44948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44948"
},
{
"name": "CVE-2024-44954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44954"
},
{
"name": "CVE-2024-44960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44960"
},
{
"name": "CVE-2024-44965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44965"
},
{
"name": "CVE-2024-44967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44967"
},
{
"name": "CVE-2024-44969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44969"
},
{
"name": "CVE-2024-44970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44970"
},
{
"name": "CVE-2024-44971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44971"
},
{
"name": "CVE-2024-46695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
},
{
"name": "CVE-2024-46710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46710"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2023-52918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52918"
},
{
"name": "CVE-2024-41019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41019"
},
{
"name": "CVE-2024-41030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41030"
},
{
"name": "CVE-2024-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42063"
},
{
"name": "CVE-2024-42103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42103"
},
{
"name": "CVE-2024-47659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47659"
},
{
"name": "CVE-2024-47663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47663"
},
{
"name": "CVE-2024-47667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47667"
},
{
"name": "CVE-2024-47669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47669"
},
{
"name": "CVE-2024-42258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42258"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-42267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42267"
},
{
"name": "CVE-2024-42296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42296"
},
{
"name": "CVE-2024-42299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42299"
},
{
"name": "CVE-2024-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43869"
},
{
"name": "CVE-2024-44934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44934"
},
{
"name": "CVE-2024-44958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44958"
},
{
"name": "CVE-2024-44966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44966"
},
{
"name": "CVE-2024-47660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47660"
},
{
"name": "CVE-2024-47665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47665"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49967"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-43868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43868"
},
{
"name": "CVE-2024-44949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44949"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53070"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-42273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42273"
},
{
"name": "CVE-2024-42307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42307"
},
{
"name": "CVE-2024-42321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42321"
},
{
"name": "CVE-2024-47683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47683"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50003"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2023-45896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45896"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49854"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0002",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-03T00:00:00.000000"
},
{
"description": "Changement r\u00e9f\u00e9rence ",
"revision_date": "2025-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2025-01-05",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4008-1",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
]
}
CERTFR-2025-AVI-0151
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Manager Proxy 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Manager Proxy 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | N/A | openSUSE Leap 15.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Manager Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | Confidential Computing Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 | ||
| SUSE | N/A | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Confidential Computing Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2024-26644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26644"
},
{
"name": "CVE-2024-26758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
},
{
"name": "CVE-2024-26943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26943"
},
{
"name": "CVE-2024-35863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35863"
},
{
"name": "CVE-2024-36898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36898"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-41047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41047"
},
{
"name": "CVE-2024-45019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45019"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-43913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43913"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56571"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2023-52923",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52923"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-39282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39282"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-46896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46896"
},
{
"name": "CVE-2024-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2024-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53185"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-54680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54680"
},
{
"name": "CVE-2024-55639",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55639"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56372"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56573"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56577"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-5660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5660"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
},
{
"name": "CVE-2024-56609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
},
{
"name": "CVE-2024-56611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56617"
},
{
"name": "CVE-2024-56620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56620"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56632"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56635"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56649",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56649"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56654"
},
{
"name": "CVE-2024-56656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56656"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56660"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56675"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
},
{
"name": "CVE-2024-56712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56712"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56760"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56766"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56775"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57793"
},
{
"name": "CVE-2024-57795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57795"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57801"
},
{
"name": "CVE-2024-57804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57804"
},
{
"name": "CVE-2024-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57809"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57857"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57887"
},
{
"name": "CVE-2024-57888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57915"
},
{
"name": "CVE-2024-57916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57916"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57926"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57932"
},
{
"name": "CVE-2024-57933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57933"
},
{
"name": "CVE-2024-57935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57935"
},
{
"name": "CVE-2024-57936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57936"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21632"
},
{
"name": "CVE-2025-21645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21645"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2025-21649",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21649"
},
{
"name": "CVE-2025-21650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21650"
},
{
"name": "CVE-2025-21651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21651"
},
{
"name": "CVE-2025-21656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21656"
},
{
"name": "CVE-2025-21662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21662"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56665"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21652",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21652"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21655",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21655"
},
{
"name": "CVE-2025-21663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21663"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2021-47222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47222"
},
{
"name": "CVE-2021-47223",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47223"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0151",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-02-14",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0555-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250555-1"
},
{
"published_at": "2025-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0564-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250564-1"
},
{
"published_at": "2025-02-14",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0556-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250556-1"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0577-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250577-1"
},
{
"published_at": "2025-02-14",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0557-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250557-1"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0576-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250576-1"
},
{
"published_at": "2025-02-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0603-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250603-1"
},
{
"published_at": "2025-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0565-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250565-1"
},
{
"published_at": "2025-02-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0517-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250517-2"
}
]
}
CERTFR-2025-AVI-0212
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Manager Proxy 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | Public Cloud Module 15-SP6 | ||
| SUSE | N/A | Development Tools Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | N/A | SUSE Manager Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security | ||
| SUSE | N/A | Basesystem Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS | ||
| SUSE | N/A | SUSE Manager Proxy 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP6 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 LTSS | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | N/A | Legacy Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | N/A | openSUSE Leap 15.4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-37159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37159"
},
{
"name": "CVE-2022-2991",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2991"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-33951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33951"
},
{
"name": "CVE-2023-33952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33952"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2024-24860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24860"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-26810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
},
{
"name": "CVE-2023-52572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52572"
},
{
"name": "CVE-2021-47202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47202"
},
{
"name": "CVE-2024-26931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26931"
},
{
"name": "CVE-2024-27388",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27388"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2024-27054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27054"
},
{
"name": "CVE-2022-48650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48650"
},
{
"name": "CVE-2023-52646",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52646"
},
{
"name": "CVE-2024-26929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
},
{
"name": "CVE-2023-52653",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52653"
},
{
"name": "CVE-2022-48636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48636"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2023-52853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52853"
},
{
"name": "CVE-2024-26758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
},
{
"name": "CVE-2024-26943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26943"
},
{
"name": "CVE-2024-36898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36898"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-26886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26886"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-26708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26708"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-41047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41047"
},
{
"name": "CVE-2024-44974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44974"
},
{
"name": "CVE-2024-45009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45009"
},
{
"name": "CVE-2024-45010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45010"
},
{
"name": "CVE-2024-45019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45019"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2022-48664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48664"
},
{
"name": "CVE-2022-48953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48953"
},
{
"name": "CVE-2022-48975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48975"
},
{
"name": "CVE-2022-49006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49006"
},
{
"name": "CVE-2024-44934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44934"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2024-53240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53240"
},
{
"name": "CVE-2024-47666",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47666"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2023-52920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52920"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-53056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53056"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2024-50018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50018"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53179"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2022-48742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48742"
},
{
"name": "CVE-2022-49033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49033"
},
{
"name": "CVE-2022-49035",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49035"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56571"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-54680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54680"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57793"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21647"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2023-52924",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52924"
},
{
"name": "CVE-2023-52925",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52925"
},
{
"name": "CVE-2024-56579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56579"
},
{
"name": "CVE-2024-56647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56647"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21688"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-21700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21700"
},
{
"name": "CVE-2021-47633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47633"
},
{
"name": "CVE-2021-47634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47634"
},
{
"name": "CVE-2021-47644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47644"
},
{
"name": "CVE-2022-49076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49076"
},
{
"name": "CVE-2022-49080",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49080"
},
{
"name": "CVE-2022-49089",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49089"
},
{
"name": "CVE-2022-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49124"
},
{
"name": "CVE-2022-49134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49134"
},
{
"name": "CVE-2022-49135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49135"
},
{
"name": "CVE-2022-49151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49151"
},
{
"name": "CVE-2022-49178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49178"
},
{
"name": "CVE-2022-49182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49182"
},
{
"name": "CVE-2022-49201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49201"
},
{
"name": "CVE-2022-49247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49247"
},
{
"name": "CVE-2022-49490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49490"
},
{
"name": "CVE-2022-49626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49626"
},
{
"name": "CVE-2022-49661",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49661"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-57994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57994"
},
{
"name": "CVE-2025-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21705"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2025-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21716"
},
{
"name": "CVE-2025-21719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21719"
},
{
"name": "CVE-2025-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"name": "CVE-2025-21725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21725"
},
{
"name": "CVE-2025-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"name": "CVE-2025-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21733"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2025-21754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21754"
},
{
"name": "CVE-2025-21767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"name": "CVE-2025-21790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
},
{
"name": "CVE-2025-21795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"name": "CVE-2025-21799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21799"
},
{
"name": "CVE-2025-21802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21802"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0212",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0833-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250833-1"
},
{
"published_at": "2025-03-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0847-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0855-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250855-1"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0833-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250833-2"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0577-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250577-2"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0856-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250856-1"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0834-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250834-1"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0835-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250835-1"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0853-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250853-1"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0201-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250201-2"
}
]
}
CERTFR-2025-AVI-0152
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26800"
},
{
"name": "CVE-2024-26921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26921"
},
{
"name": "CVE-2024-38630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38630"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-47681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47681"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47687"
},
{
"name": "CVE-2024-47688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47688"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47702"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47714"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47719"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47732"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47741"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47744"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47752"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49862"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49864"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49874"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49906"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49908"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49947"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49953"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50081"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50226"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49893"
},
{
"name": "CVE-2024-49904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49904"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49910"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49916"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50003"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-49976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49976"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50100"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50102"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50139"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2024-50158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50158"
},
{
"name": "CVE-2024-50159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50159"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50169"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50172"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50177"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50216"
},
{
"name": "CVE-2024-50221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50221"
},
{
"name": "CVE-2024-50224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50224"
},
{
"name": "CVE-2024-50225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50225"
},
{
"name": "CVE-2024-50231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50231"
},
{
"name": "CVE-2024-50240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50240"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2024-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53045"
},
{
"name": "CVE-2024-53048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53048"
},
{
"name": "CVE-2024-53056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53056"
},
{
"name": "CVE-2024-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53068"
},
{
"name": "CVE-2024-53074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53074"
},
{
"name": "CVE-2024-53076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53076"
},
{
"name": "CVE-2024-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53079"
},
{
"name": "CVE-2024-53085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53085"
},
{
"name": "CVE-2024-53094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53094"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53108"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-50011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50011"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-50203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50203"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53111"
},
{
"name": "CVE-2024-53117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53117"
},
{
"name": "CVE-2024-53118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53118"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53126"
},
{
"name": "CVE-2024-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53133"
},
{
"name": "CVE-2024-53134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53134"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53160"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53188"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53191"
},
{
"name": "CVE-2024-53200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53200"
},
{
"name": "CVE-2024-53202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53202"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53216"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56536"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56752"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-53238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53238"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-46869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46869"
},
{
"name": "CVE-2024-47676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47676"
},
{
"name": "CVE-2024-47677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47677"
},
{
"name": "CVE-2024-47680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47680"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47694"
},
{
"name": "CVE-2024-47700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47700"
},
{
"name": "CVE-2024-47708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47708"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47716"
},
{
"name": "CVE-2024-47717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47717"
},
{
"name": "CVE-2024-47721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47721"
},
{
"name": "CVE-2024-47724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47724"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-47733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47733"
},
{
"name": "CVE-2024-47736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47736"
},
{
"name": "CVE-2024-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47746"
},
{
"name": "CVE-2024-49857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49857"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-49869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49869"
},
{
"name": "CVE-2024-49872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49872"
},
{
"name": "CVE-2024-49873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49873"
},
{
"name": "CVE-2024-49876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49876"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49885"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49932"
},
{
"name": "CVE-2024-49940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49940"
},
{
"name": "CVE-2024-49941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49941"
},
{
"name": "CVE-2024-49942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49942"
},
{
"name": "CVE-2024-49943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49943"
},
{
"name": "CVE-2024-49956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49956"
},
{
"name": "CVE-2024-49964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49964"
},
{
"name": "CVE-2024-49970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49970"
},
{
"name": "CVE-2024-49971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49971"
},
{
"name": "CVE-2024-49979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49979"
},
{
"name": "CVE-2024-49980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49980"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-49999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49999"
},
{
"name": "CVE-2024-50005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50005"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50034"
},
{
"name": "CVE-2024-50037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50037"
},
{
"name": "CVE-2024-50043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50043"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50071"
},
{
"name": "CVE-2024-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50079"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50091"
},
{
"name": "CVE-2024-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50092"
},
{
"name": "CVE-2024-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50094"
},
{
"name": "CVE-2024-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50104"
},
{
"name": "CVE-2024-50105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50105"
},
{
"name": "CVE-2024-50107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50107"
},
{
"name": "CVE-2024-50109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50109"
},
{
"name": "CVE-2024-50111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50111"
},
{
"name": "CVE-2024-50112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50112"
},
{
"name": "CVE-2024-50113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50113"
},
{
"name": "CVE-2024-50114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50114"
},
{
"name": "CVE-2024-50118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50118"
},
{
"name": "CVE-2024-50119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50119"
},
{
"name": "CVE-2024-50120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50120"
},
{
"name": "CVE-2024-50122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50122"
},
{
"name": "CVE-2024-50123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50123"
},
{
"name": "CVE-2024-50129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50129"
},
{
"name": "CVE-2024-50132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50132"
},
{
"name": "CVE-2024-50137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50137"
},
{
"name": "CVE-2024-50140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50140"
},
{
"name": "CVE-2024-50144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50144"
},
{
"name": "CVE-2024-50149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50149"
},
{
"name": "CVE-2024-50152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50152"
},
{
"name": "CVE-2024-50161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50161"
},
{
"name": "CVE-2024-50165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50165"
},
{
"name": "CVE-2024-50170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50170"
},
{
"name": "CVE-2024-50173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50173"
},
{
"name": "CVE-2024-50174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50174"
},
{
"name": "CVE-2024-50178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50178"
},
{
"name": "CVE-2024-50190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50190"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-50204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50204"
},
{
"name": "CVE-2024-50206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50206"
},
{
"name": "CVE-2024-50207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50207"
},
{
"name": "CVE-2024-50212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50212"
},
{
"name": "CVE-2024-50213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50213"
},
{
"name": "CVE-2024-50214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50214"
},
{
"name": "CVE-2024-50217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50217"
},
{
"name": "CVE-2024-50220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50220"
},
{
"name": "CVE-2024-50222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50222"
},
{
"name": "CVE-2024-50223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50223"
},
{
"name": "CVE-2024-50227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50227"
},
{
"name": "CVE-2024-50238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50238"
},
{
"name": "CVE-2024-50239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50239"
},
{
"name": "CVE-2024-50253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50253"
},
{
"name": "CVE-2024-50254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50254"
},
{
"name": "CVE-2024-50260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50260"
},
{
"name": "CVE-2024-50263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50263"
},
{
"name": "CVE-2024-50266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50266"
},
{
"name": "CVE-2024-50270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50270"
},
{
"name": "CVE-2024-50277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50277"
},
{
"name": "CVE-2024-50281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50281"
},
{
"name": "CVE-2024-50285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50285"
},
{
"name": "CVE-2024-50288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50288"
},
{
"name": "CVE-2024-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50291"
},
{
"name": "CVE-2024-50293",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50293"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-50297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50297"
},
{
"name": "CVE-2024-50300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50300"
},
{
"name": "CVE-2024-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50303"
},
{
"name": "CVE-2024-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53044"
},
{
"name": "CVE-2024-53046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53046"
},
{
"name": "CVE-2024-53049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53049"
},
{
"name": "CVE-2024-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53053"
},
{
"name": "CVE-2024-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53062"
},
{
"name": "CVE-2024-53065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53065"
},
{
"name": "CVE-2024-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53067"
},
{
"name": "CVE-2024-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53069"
},
{
"name": "CVE-2024-53071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53071"
},
{
"name": "CVE-2024-53075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53075"
},
{
"name": "CVE-2024-53077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53077"
},
{
"name": "CVE-2024-53078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53078"
},
{
"name": "CVE-2024-53080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53080"
},
{
"name": "CVE-2024-53083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53083"
},
{
"name": "CVE-2024-53084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53084"
},
{
"name": "CVE-2024-53086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53086"
},
{
"name": "CVE-2024-53087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53087"
},
{
"name": "CVE-2024-53089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53089"
},
{
"name": "CVE-2024-53092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53092"
},
{
"name": "CVE-2024-53098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53098"
},
{
"name": "CVE-2024-53107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53107"
},
{
"name": "CVE-2024-53109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53109"
},
{
"name": "CVE-2024-53115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53115"
},
{
"name": "CVE-2024-53116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53116"
},
{
"name": "CVE-2024-53132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53132"
},
{
"name": "CVE-2024-53137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53137"
},
{
"name": "CVE-2024-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53139"
},
{
"name": "CVE-2024-53143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53143"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53149"
},
{
"name": "CVE-2024-53152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53152"
},
{
"name": "CVE-2024-53153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53153"
},
{
"name": "CVE-2024-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53163"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53167"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53189"
},
{
"name": "CVE-2024-53192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53192"
},
{
"name": "CVE-2024-53193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53193"
},
{
"name": "CVE-2024-53199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53199"
},
{
"name": "CVE-2024-53212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53212"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2024-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53219"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
},
{
"name": "CVE-2024-53223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53223"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53228"
},
{
"name": "CVE-2024-56534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56534"
},
{
"name": "CVE-2024-56535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56535"
},
{
"name": "CVE-2024-56537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56537"
},
{
"name": "CVE-2024-56540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56540"
},
{
"name": "CVE-2024-56541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56541"
},
{
"name": "CVE-2024-56544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56544"
},
{
"name": "CVE-2024-56545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56545"
},
{
"name": "CVE-2024-56674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56674"
},
{
"name": "CVE-2024-56680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56680"
},
{
"name": "CVE-2024-56684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56684"
},
{
"name": "CVE-2024-56685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56685"
},
{
"name": "CVE-2024-56689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56689"
},
{
"name": "CVE-2024-56692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56692"
},
{
"name": "CVE-2024-56696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56696"
},
{
"name": "CVE-2024-56697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56697"
},
{
"name": "CVE-2024-56699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56699"
},
{
"name": "CVE-2024-56702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56702"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56721"
},
{
"name": "CVE-2024-56742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56742"
},
{
"name": "CVE-2024-56744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56744"
},
{
"name": "CVE-2024-56749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56749"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0152",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-02-20",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0109-1",
"url": "https://ubuntu.com/security/notices/LSN-0109-1"
},
{
"published_at": "2025-02-19",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7277-1",
"url": "https://ubuntu.com/security/notices/USN-7277-1"
},
{
"published_at": "2025-02-19",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7276-1",
"url": "https://ubuntu.com/security/notices/USN-7276-1"
}
]
}
CERTFR-2025-AVI-0366
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26928"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2024-41014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41014"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-42122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42122"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49906"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50226"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49893"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50139"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50158"
},
{
"name": "CVE-2024-50159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50159"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50169"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50172"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50216"
},
{
"name": "CVE-2024-50221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50221"
},
{
"name": "CVE-2024-50224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50224"
},
{
"name": "CVE-2024-50225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50225"
},
{
"name": "CVE-2024-50231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50231"
},
{
"name": "CVE-2024-50240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50240"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2024-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53045"
},
{
"name": "CVE-2024-53048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53048"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53068"
},
{
"name": "CVE-2024-53076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53076"
},
{
"name": "CVE-2024-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53079"
},
{
"name": "CVE-2024-53085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53085"
},
{
"name": "CVE-2024-53094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53094"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53108"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-50203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50203"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53050"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53111"
},
{
"name": "CVE-2024-53117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53117"
},
{
"name": "CVE-2024-53118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53118"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53126"
},
{
"name": "CVE-2024-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53133"
},
{
"name": "CVE-2024-53134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53134"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53160"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53188"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53191"
},
{
"name": "CVE-2024-53200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53200"
},
{
"name": "CVE-2024-53202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53202"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53222"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56551"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56566"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-56582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56582"
},
{
"name": "CVE-2024-56599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56599"
},
{
"name": "CVE-2024-56604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56752"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2024-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56573"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56577"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
},
{
"name": "CVE-2024-56609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
},
{
"name": "CVE-2024-56611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56620"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56632"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56635"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56649",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56649"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56775"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-57925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
},
{
"name": "CVE-2024-57939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50104"
},
{
"name": "CVE-2024-50105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50105"
},
{
"name": "CVE-2024-50107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50107"
},
{
"name": "CVE-2024-50111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50111"
},
{
"name": "CVE-2024-50112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50112"
},
{
"name": "CVE-2024-50118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50118"
},
{
"name": "CVE-2024-50120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50120"
},
{
"name": "CVE-2024-50137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50137"
},
{
"name": "CVE-2024-50140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50140"
},
{
"name": "CVE-2024-50152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50152"
},
{
"name": "CVE-2024-50170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50170"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-50206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50206"
},
{
"name": "CVE-2024-50207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50207"
},
{
"name": "CVE-2024-50220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50220"
},
{
"name": "CVE-2024-50222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50222"
},
{
"name": "CVE-2024-50223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50223"
},
{
"name": "CVE-2024-50238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50238"
},
{
"name": "CVE-2024-50239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50239"
},
{
"name": "CVE-2024-50263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50263"
},
{
"name": "CVE-2024-50270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50270"
},
{
"name": "CVE-2024-50285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50285"
},
{
"name": "CVE-2024-50288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50288"
},
{
"name": "CVE-2024-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50291"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-50297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50297"
},
{
"name": "CVE-2024-50300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50300"
},
{
"name": "CVE-2024-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50303"
},
{
"name": "CVE-2024-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53044"
},
{
"name": "CVE-2024-53046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53046"
},
{
"name": "CVE-2024-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53053"
},
{
"name": "CVE-2024-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53062"
},
{
"name": "CVE-2024-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53067"
},
{
"name": "CVE-2024-53083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53083"
},
{
"name": "CVE-2024-53084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53084"
},
{
"name": "CVE-2024-53086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53086"
},
{
"name": "CVE-2024-53087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53087"
},
{
"name": "CVE-2024-53089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53089"
},
{
"name": "CVE-2024-53107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53107"
},
{
"name": "CVE-2024-53109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53109"
},
{
"name": "CVE-2024-53115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53115"
},
{
"name": "CVE-2024-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53139"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53163"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2024-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53219"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
},
{
"name": "CVE-2024-53223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53223"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53228"
},
{
"name": "CVE-2024-56540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56540"
},
{
"name": "CVE-2024-56545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56545"
},
{
"name": "CVE-2024-56685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56685"
},
{
"name": "CVE-2024-56689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56689"
},
{
"name": "CVE-2024-56692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56692"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56721"
},
{
"name": "CVE-2024-56742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56742"
},
{
"name": "CVE-2024-56744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56744"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
},
{
"name": "CVE-2024-56579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56579"
},
{
"name": "CVE-2024-56647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56647"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-21700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21700"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2024-56626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
},
{
"name": "CVE-2024-56627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2024-57841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2024-57901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
},
{
"name": "CVE-2024-57902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2022-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0995"
},
{
"name": "CVE-2024-41932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41932"
},
{
"name": "CVE-2024-41935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41935"
},
{
"name": "CVE-2024-47794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47794"
},
{
"name": "CVE-2024-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48875"
},
{
"name": "CVE-2024-48876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48876"
},
{
"name": "CVE-2024-56550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56550"
},
{
"name": "CVE-2024-56565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56565"
},
{
"name": "CVE-2024-56580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56580"
},
{
"name": "CVE-2024-56583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56583"
},
{
"name": "CVE-2024-56613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56613"
},
{
"name": "CVE-2024-56621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56621"
},
{
"name": "CVE-2024-56638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56638"
},
{
"name": "CVE-2024-56771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56771"
},
{
"name": "CVE-2024-56772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56772"
},
{
"name": "CVE-2024-56773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56773"
},
{
"name": "CVE-2024-56782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56782"
},
{
"name": "CVE-2024-56786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56786"
},
{
"name": "CVE-2024-57843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57843"
},
{
"name": "CVE-2024-57872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57872"
},
{
"name": "CVE-2024-58087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58087"
},
{
"name": "CVE-2025-21701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21701"
},
{
"name": "CVE-2025-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21703"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2025-21831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21831"
},
{
"name": "CVE-2025-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
},
{
"name": "CVE-2025-21993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21993"
},
{
"name": "CVE-2024-44955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44955"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0366",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-04-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-4",
"url": "https://ubuntu.com/security/notices/USN-7455-4"
},
{
"published_at": "2025-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7459-2",
"url": "https://ubuntu.com/security/notices/USN-7459-2"
},
{
"published_at": "2025-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7468-1",
"url": "https://ubuntu.com/security/notices/USN-7468-1"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-5",
"url": "https://ubuntu.com/security/notices/USN-7455-5"
}
]
}
CERTFR-2024-AVI-1031
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.119-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53054"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-43868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43868"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50228"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-35964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35964"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-26952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26952"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2024-36244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36244"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-36923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36923"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36478"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-53070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53070"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-36914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36914"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26954"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-44949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44949"
},
{
"name": "CVE-2023-52812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52812"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1031",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5818-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00233.html"
}
]
}
CERTFR-2025-AVI-0133
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Manager Proxy 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | Basesystem Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | Public Cloud Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | N/A | openSUSE Leap 15.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | Legacy Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | N/A | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | Development Tools Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2024-26810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2024-35863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35863"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2022-48923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48923"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-43913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43913"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56571"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2023-52923",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52923"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-39282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39282"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-46896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46896"
},
{
"name": "CVE-2024-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2024-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53185"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-54680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54680"
},
{
"name": "CVE-2024-55639",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55639"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56372"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56573"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56577"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
},
{
"name": "CVE-2024-56609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
},
{
"name": "CVE-2024-56611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56617"
},
{
"name": "CVE-2024-56620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56620"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56632"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56635"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56649",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56649"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56654"
},
{
"name": "CVE-2024-56656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56656"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56660"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56675"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
},
{
"name": "CVE-2024-56712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56712"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56760"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56766"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56775"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57793"
},
{
"name": "CVE-2024-57795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57795"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57801"
},
{
"name": "CVE-2024-57804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57804"
},
{
"name": "CVE-2024-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57809"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57857"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57887"
},
{
"name": "CVE-2024-57888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57915"
},
{
"name": "CVE-2024-57916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57916"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57926"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57932"
},
{
"name": "CVE-2024-57933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57933"
},
{
"name": "CVE-2024-57935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57935"
},
{
"name": "CVE-2024-57936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57936"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21632"
},
{
"name": "CVE-2025-21645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21645"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2025-21649",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21649"
},
{
"name": "CVE-2025-21650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21650"
},
{
"name": "CVE-2025-21651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21651"
},
{
"name": "CVE-2025-21656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21656"
},
{
"name": "CVE-2025-21662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21662"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56665"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21652",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21652"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21655",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21655"
},
{
"name": "CVE-2025-21663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21663"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0133",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0414-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250414-1"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0426-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250426-1"
},
{
"published_at": "2025-02-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0517-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250517-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0494-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250494-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0486-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250486-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0455-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250455-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0462-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250462-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0452-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250452-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0487-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250487-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0449-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250449-1"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0428-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250428-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0489-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250489-1"
},
{
"published_at": "2025-02-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0499-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250499-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0465-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250465-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0476-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250476-1"
},
{
"published_at": "2025-02-09",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0410-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250410-1"
},
{
"published_at": "2025-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0440-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250440-1"
}
]
}
CERTFR-2025-AVI-0276
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-21400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21400"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2021-47101",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47101"
},
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2021-47119",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47119"
},
{
"name": "CVE-2021-47001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47001"
},
{
"name": "CVE-2021-47219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47219"
},
{
"name": "CVE-2024-23848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23848"
},
{
"name": "CVE-2021-47469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47469"
},
{
"name": "CVE-2021-47483",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47483"
},
{
"name": "CVE-2023-52821",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52821"
},
{
"name": "CVE-2024-26928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26928"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2024-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35887"
},
{
"name": "CVE-2024-35963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35963"
},
{
"name": "CVE-2024-35965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35965"
},
{
"name": "CVE-2024-35966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35966"
},
{
"name": "CVE-2024-35967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35967"
},
{
"name": "CVE-2024-36952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36952"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-38597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38597"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-38588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38588"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-47681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47681"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47687"
},
{
"name": "CVE-2024-47688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47688"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47702"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47714"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47719"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47732"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47741"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47744"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47752"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49862"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49864"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49874"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49947"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49953"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49893"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-49976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49976"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50175"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-56582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56582"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-57925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
},
{
"name": "CVE-2024-57939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-47677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47677"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47700"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47716"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-47733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47733"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-49876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49876"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49885"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49942"
},
{
"name": "CVE-2024-49980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49980"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-49999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49999"
},
{
"name": "CVE-2024-50005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50005"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2024-56626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
},
{
"name": "CVE-2024-56627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2024-57841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2024-57901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
},
{
"name": "CVE-2024-57902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2024-58087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58087"
},
{
"name": "CVE-2021-47122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47122"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0276",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7402-1",
"url": "https://ubuntu.com/security/notices/USN-7402-1"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-1",
"url": "https://ubuntu.com/security/notices/USN-7406-1"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7401-1",
"url": "https://ubuntu.com/security/notices/USN-7401-1"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7389-1",
"url": "https://ubuntu.com/security/notices/USN-7389-1"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7408-2",
"url": "https://ubuntu.com/security/notices/USN-7408-2"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-2",
"url": "https://ubuntu.com/security/notices/USN-7406-2"
},
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7415-1",
"url": "https://ubuntu.com/security/notices/USN-7415-1"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7402-2",
"url": "https://ubuntu.com/security/notices/USN-7402-2"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7387-3",
"url": "https://ubuntu.com/security/notices/USN-7387-3"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7407-1",
"url": "https://ubuntu.com/security/notices/USN-7407-1"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7408-1",
"url": "https://ubuntu.com/security/notices/USN-7408-1"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7391-1",
"url": "https://ubuntu.com/security/notices/USN-7391-1"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7387-2",
"url": "https://ubuntu.com/security/notices/USN-7387-2"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7392-1",
"url": "https://ubuntu.com/security/notices/USN-7392-1"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7403-1",
"url": "https://ubuntu.com/security/notices/USN-7403-1"
},
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7413-1",
"url": "https://ubuntu.com/security/notices/USN-7413-1"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-3",
"url": "https://ubuntu.com/security/notices/USN-7406-3"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7390-1",
"url": "https://ubuntu.com/security/notices/USN-7390-1"
},
{
"published_at": "2025-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7387-1",
"url": "https://ubuntu.com/security/notices/USN-7387-1"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7393-1",
"url": "https://ubuntu.com/security/notices/USN-7393-1"
},
{
"published_at": "2025-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7388-1",
"url": "https://ubuntu.com/security/notices/USN-7388-1"
},
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-4",
"url": "https://ubuntu.com/security/notices/USN-7406-4"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7392-2",
"url": "https://ubuntu.com/security/notices/USN-7392-2"
}
]
}
CERTFR-2025-AVI-0151
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Manager Proxy 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Manager Proxy 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | N/A | openSUSE Leap 15.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Manager Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | Confidential Computing Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 | ||
| SUSE | N/A | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Confidential Computing Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2024-26644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26644"
},
{
"name": "CVE-2024-26758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
},
{
"name": "CVE-2024-26943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26943"
},
{
"name": "CVE-2024-35863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35863"
},
{
"name": "CVE-2024-36898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36898"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-41047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41047"
},
{
"name": "CVE-2024-45019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45019"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-43913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43913"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56571"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2023-52923",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52923"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-39282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39282"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-46896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46896"
},
{
"name": "CVE-2024-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2024-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53185"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-54680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54680"
},
{
"name": "CVE-2024-55639",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55639"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56372"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56573"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56577"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-5660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5660"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
},
{
"name": "CVE-2024-56609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
},
{
"name": "CVE-2024-56611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56617"
},
{
"name": "CVE-2024-56620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56620"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56632"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56635"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56649",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56649"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56654"
},
{
"name": "CVE-2024-56656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56656"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56660"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56675"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
},
{
"name": "CVE-2024-56712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56712"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56760"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56766"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56775"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57793"
},
{
"name": "CVE-2024-57795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57795"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57801"
},
{
"name": "CVE-2024-57804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57804"
},
{
"name": "CVE-2024-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57809"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57857"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57887"
},
{
"name": "CVE-2024-57888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57915"
},
{
"name": "CVE-2024-57916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57916"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57926"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57932"
},
{
"name": "CVE-2024-57933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57933"
},
{
"name": "CVE-2024-57935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57935"
},
{
"name": "CVE-2024-57936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57936"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21632"
},
{
"name": "CVE-2025-21645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21645"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2025-21649",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21649"
},
{
"name": "CVE-2025-21650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21650"
},
{
"name": "CVE-2025-21651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21651"
},
{
"name": "CVE-2025-21656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21656"
},
{
"name": "CVE-2025-21662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21662"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56665"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21652",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21652"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21655",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21655"
},
{
"name": "CVE-2025-21663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21663"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2021-47222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47222"
},
{
"name": "CVE-2021-47223",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47223"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0151",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-02-14",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0555-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250555-1"
},
{
"published_at": "2025-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0564-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250564-1"
},
{
"published_at": "2025-02-14",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0556-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250556-1"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0577-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250577-1"
},
{
"published_at": "2025-02-14",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0557-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250557-1"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0576-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250576-1"
},
{
"published_at": "2025-02-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0603-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250603-1"
},
{
"published_at": "2025-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0565-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250565-1"
},
{
"published_at": "2025-02-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0517-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250517-2"
}
]
}
CERTFR-2025-AVI-0677
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC PCS neo V6.0 versions antérieures à V6.0 SP1 | ||
| Siemens | N/A | SIMATIC WinCC V17, v18 et V20 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | SIMATIC Control Function Library (CFL) toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIPROTEC 5 versions antérieures à 10.0 | ||
| Siemens | N/A | SIMATIC MTP Integrator toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC ProSave V17 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Unified Line Coordination toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC TeleControl toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.19 versions antérieures à V3.19 P020 | ||
| Siemens | N/A | SIMATIC WinCC flexible ES toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-54678. | ||
| Siemens | N/A | SIMATIC S7-Fail-safe Configuration Tool (S7-FCT) versions antérieures à 4.0.1 | ||
| Siemens | N/A | SIMATIC PCS neo V6.0 toutes versions pour la vulnérabilité CVE-2024-54678 | ||
| Siemens | N/A | SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC MTP CREATOR V2.x et V3.x toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC WinCC OA V3.18 versions antérieures à V3.18 P032 | ||
| Siemens | N/A | TIA Portal Cloud V19 versions antérieures à 5.2.1.1 | ||
| Siemens | N/A | SIMATIC D7-SYS toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC BATCH V10.0 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC ODK 1500S toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Process Historian 2020 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2025-30033 et CVE-2025-47809 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller V2 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | TIA Portal Cloud Connector toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Unified Sequence toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40759. | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Logon V2.0 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC ProSave V19 versions antérieures à V19 Update 4 | ||
| Siemens | N/A | SIMATIC PDM Maintenance Station V5.0 toutes versions pour les vulnérabilités CVE-2025-30033 et CVE-2025-47809 | ||
| Siemens | N/A | SIMATIC Safety Matrix toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Management Console toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SCALANCE XCM-/XRM-/XCH-/XRH-300 family versions antérieures à 3.2 | ||
| Siemens | N/A | SIMATIC BATCH V9.1 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC Process Function Library (PFL) V4.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller V3 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC STEP 7 CFC V20 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC NET PC Software toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Route Control V9.1 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.20 versions antérieures à V3.20 P008 | ||
| Siemens | N/A | SIMATIC RTLS Locating Manager versions antérieures à 3.3 | ||
| Siemens | N/A | Siprotec 4 7SA6, 7SD5 et 7SD610 versions antérieures à 4.78 | ||
| Siemens | N/A | SIMATIC Automation Tool toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | TIA Portal Cloud V18 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | SIMATIC PDM V9.2 et V9.3 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Visualization Architect (SiVArc) toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC eaSie Workflow Skills toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC STEP 7 CFC V19 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC WinCC V19 versions antérieures à V19 Update 4 | ||
| Siemens | N/A | SIMATIC Management Agent toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 et V8.0 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC STEP 7 V5.7 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Automation Tool SDK Windows toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2025-47809 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V20 versions antérieures à V20 Update 1 | ||
| Siemens | N/A | TIA Portal Cloud V17 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | SIMATIC Energy Suite toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC PCS 7 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Process Historian 2024 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC STEP 7 V19 versions antérieures à V19 Update 4 | ||
| Siemens | N/A | TIA Portal Test Suite V17, v18, v19 et v20 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC S7-PCT toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Target toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC ProSave V18 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC Logon V1.6 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC STEP 7 V17 et V18 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | SIMATIC RTLS Locating Manager versions antérieures à 3.2 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced versions antérieures à V7.0 Update 1 | ||
| Siemens | N/A | SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-54678 | ||
| Siemens | N/A | SIMATIC STEP 7 V20 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | TIA Portal Cloud V20 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | Siprotec 4 toutes versions et tous modèles exceptés 7SA6, 7SD5, 7SD610 pour la vulnérabilité CVE-2024-52504. | ||
| Siemens | N/A | SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 versions antérieures à 3.2 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17, V18 et V19 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Unified PC Runtime V18, V19 et V20 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC PCS 7 Advanced Process Faceplates V9.1 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC S7 F Systems V6.4 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Information Server toutes versions pour la vulnérabilité CVE-2025-47809 | ||
| Siemens | N/A | SIMATIC S7 F Systems V6.3 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC ProSave V20 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC PCS 7 Logic Matrix V9.1 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | WinCC Panel Image Setup toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC PCS neo V4.1 et V5.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-54678. | ||
| Siemens | N/A | SIMATIC Route Control V10.0 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC V8.1 versions antérieures à V8.1 Update 3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC PCS neo V6.0 versions ant\u00e9rieures \u00e0 V6.0 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V17, v18 et V20 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Control Function Library (CFL) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 versions ant\u00e9rieures \u00e0 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MTP Integrator toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified Line Coordination toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC TeleControl toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.19 versions ant\u00e9rieures \u00e0 V3.19 P020",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC flexible ES toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-54678.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-Fail-safe Configuration Tool (S7-FCT) versions ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V6.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-54678",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MTP CREATOR V2.x et V3.x toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.18 versions ant\u00e9rieures \u00e0 V3.18 P032",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V19 versions ant\u00e9rieures \u00e0 5.2.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC D7-SYS toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V10.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ODK 1500S toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2020 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2025-30033 et CVE-2025-47809",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller V2 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud Connector toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified Sequence toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40759.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Logon V2.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave V19 versions ant\u00e9rieures \u00e0 V19 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM Maintenance Station V5.0 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2025-30033 et CVE-2025-47809",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Safety Matrix toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Management Console toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V9.1 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Function Library (PFL) V4.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller V3 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 CFC V20 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.20 versions ant\u00e9rieures \u00e0 V3.20 P008",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager versions ant\u00e9rieures \u00e0 3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siprotec 4 7SA6, 7SD5 et 7SD610 versions ant\u00e9rieures \u00e0 4.78",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Tool toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V18 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM V9.2 et V9.3 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Visualization Architect (SiVArc) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie Workflow Skills toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 CFC V19 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V19 versions ant\u00e9rieures \u00e0 V19 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Management Agent toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 et V8.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5.7 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Tool SDK Windows toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-47809",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V20 versions ant\u00e9rieures \u00e0 V20 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V17 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Energy Suite toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2024 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V19 versions ant\u00e9rieures \u00e0 V19 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Test Suite V17, v18, v19 et v20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PCT toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Target toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave V18 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Logon V1.6 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V17 et V18 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V7.0 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-54678",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V20 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V20 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siprotec 4 toutes versions et tous mod\u00e8les except\u00e9s 7SA6, 7SD5, 7SD610 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52504. ",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17, V18 et V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V18, V19 et V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 Advanced Process Faceplates V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7 F Systems V6.4 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Information Server toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-47809",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7 F Systems V6.3 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 Logic Matrix V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "WinCC Panel Image Setup toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V4.1 et V5.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-54678.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V10.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.1 versions ant\u00e9rieures \u00e0 V8.1 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-35827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35827"
},
{
"name": "CVE-2024-40931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40931"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-46755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46755"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-26825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26825"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46713"
},
{
"name": "CVE-2023-52622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52622"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-46844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46844"
},
{
"name": "CVE-2024-43914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43914"
},
{
"name": "CVE-2024-26696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26696"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-46815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46815"
},
{
"name": "CVE-2024-39503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
},
{
"name": "CVE-2025-40759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40759"
},
{
"name": "CVE-2022-48666",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48666"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-40988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40988"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2023-52804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52804"
},
{
"name": "CVE-2024-41004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41004"
},
{
"name": "CVE-2024-46676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46676"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-46740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46740"
},
{
"name": "CVE-2023-52845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52845"
},
{
"name": "CVE-2021-44879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44879"
},
{
"name": "CVE-2024-46798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46798"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-46707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46707"
},
{
"name": "CVE-2024-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49967"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-36974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36974"
},
{
"name": "CVE-2023-52818",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52818"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2023-52637",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52637"
},
{
"name": "CVE-2024-46747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46747"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2023-52873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52873"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26754"
},
{
"name": "CVE-2023-52858",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52858"
},
{
"name": "CVE-2024-46738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46738"
},
{
"name": "CVE-2023-45863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45863"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-46679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46679"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2023-51782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51782"
},
{
"name": "CVE-2024-46673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46673"
},
{
"name": "CVE-2024-41034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41034"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46724"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-26790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26790"
},
{
"name": "CVE-2024-46791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46791"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-44969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44969"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-39469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39469"
},
{
"name": "CVE-2024-39509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39509"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"name": "CVE-2024-26845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26845"
},
{
"name": "CVE-2024-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26704"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2024-46800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46800"
},
{
"name": "CVE-2023-52810",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52810"
},
{
"name": "CVE-2024-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46750"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-46722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46722"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-40971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40971"
},
{
"name": "CVE-2023-52847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52847"
},
{
"name": "CVE-2024-39505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39505"
},
{
"name": "CVE-2023-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-47663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47663"
},
{
"name": "CVE-2024-40932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40932"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2023-52478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52478"
},
{
"name": "CVE-2024-41006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41006"
},
{
"name": "CVE-2023-46343",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46343"
},
{
"name": "CVE-2024-46745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46745"
},
{
"name": "CVE-2024-46819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46819"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-40904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40904"
},
{
"name": "CVE-2024-42084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42084"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-46721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46721"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26805"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-46822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46822"
},
{
"name": "CVE-2024-40960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2025-40570",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40570"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42154"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-46685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46685"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-36484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36484"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-44998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44998"
},
{
"name": "CVE-2024-46723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46723"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-26839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26839"
},
{
"name": "CVE-2024-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46828"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-26581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26581"
},
{
"name": "CVE-2022-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48935"
},
{
"name": "CVE-2023-52433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52433"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2023-52600",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-26910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26910"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2023-52507",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52507"
},
{
"name": "CVE-2024-56571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56571"
},
{
"name": "CVE-2023-52764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52764"
},
{
"name": "CVE-2023-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52587"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-46675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46675"
},
{
"name": "CVE-2024-26645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
},
{
"name": "CVE-2024-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26702"
},
{
"name": "CVE-2024-46783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46783"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-26673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26673"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
},
{
"name": "CVE-2024-0584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0584"
},
{
"name": "CVE-2024-42093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42093"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2023-52784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52784"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-27413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27413"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2023-52853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52853"
},
{
"name": "CVE-2024-46689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46689"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-46781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46781"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2025-30034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30034"
},
{
"name": "CVE-2024-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46777"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-40916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40916"
},
{
"name": "CVE-2024-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0193"
},
{
"name": "CVE-2023-52604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52604"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-38586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38586"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-46714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46714"
},
{
"name": "CVE-2024-40976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40976"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2025-40746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40746"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2023-52601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52601"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-44960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44960"
},
{
"name": "CVE-2024-26773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26773"
},
{
"name": "CVE-2024-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26722"
},
{
"name": "CVE-2024-54678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54678"
},
{
"name": "CVE-2024-26598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26598"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-26679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26679"
},
{
"name": "CVE-2024-39468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39468"
},
{
"name": "CVE-2024-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26763"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2023-52435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52435"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2023-52654",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52654"
},
{
"name": "CVE-2024-36938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36938"
},
{
"name": "CVE-2024-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
},
{
"name": "CVE-2023-52855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52855"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26749"
},
{
"name": "CVE-2024-44971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44971"
},
{
"name": "CVE-2023-52603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52603"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2023-52868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52868"
},
{
"name": "CVE-2023-52619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52619"
},
{
"name": "CVE-2023-52796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52796"
},
{
"name": "CVE-2023-52475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52475"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2023-52617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52617"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"name": "CVE-2024-46674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46674"
},
{
"name": "CVE-2023-52836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52836"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2024-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26751"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-44944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44944"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-27412",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27412"
},
{
"name": "CVE-2024-26636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26636"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2024-40963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40963"
},
{
"name": "CVE-2025-40752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40752"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2023-52789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52789"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-40947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40947"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2023-52867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52867"
},
{
"name": "CVE-2024-44995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44995"
},
{
"name": "CVE-2024-46757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46757"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-46677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46677"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-26606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26606"
},
{
"name": "CVE-2024-35833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35833"
},
{
"name": "CVE-2024-41005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41005"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-26625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26625"
},
{
"name": "CVE-2024-44935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44935"
},
{
"name": "CVE-2024-44999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44999"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26748"
},
{
"name": "CVE-2023-52809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49971"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-26635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26635"
},
{
"name": "CVE-2023-52805",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52805"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2023-52919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52919"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-36978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36978"
},
{
"name": "CVE-2024-44988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44988"
},
{
"name": "CVE-2024-47660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47660"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41017"
},
{
"name": "CVE-2024-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26697"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-46758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46758"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-40934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40934"
},
{
"name": "CVE-2024-47667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47667"
},
{
"name": "CVE-2024-46756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46756"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-46739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46739"
},
{
"name": "CVE-2024-47669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47669"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2024-26685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26685"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-45006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45006"
},
{
"name": "CVE-2024-46725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46725"
},
{
"name": "CVE-2024-46829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46829"
},
{
"name": "CVE-2024-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40912"
},
{
"name": "CVE-2023-52599",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52599"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-44954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44954"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-43890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43890"
},
{
"name": "CVE-2024-26688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26688"
},
{
"name": "CVE-2023-52865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52865"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-36901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36901"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-41090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41090"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-26663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26663"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-41077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41077"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2023-52509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52509"
},
{
"name": "CVE-2024-44952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44952"
},
{
"name": "CVE-2023-52753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52753"
},
{
"name": "CVE-2024-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2023-52583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52583"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-46743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46743"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2023-52602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52602"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2023-52832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2023-52819",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52819"
},
{
"name": "CVE-2023-52876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52876"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2025-30033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30033"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-46744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46744"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2025-40753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40753"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-40929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40929"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2024-52504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52504"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2023-6040",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6040"
},
{
"name": "CVE-2023-52510",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52510"
},
{
"name": "CVE-2023-51781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51781"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-46780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46780"
},
{
"name": "CVE-2024-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46817"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2025-40751",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40751"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2023-52670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52670"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-40901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
},
{
"name": "CVE-2022-48829",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48829"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-39495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39495"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2023-51780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2024-49993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49993"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2023-52838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52838"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-46771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46771"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2023-52774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52774"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2023-52879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52879"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-52799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52799"
},
{
"name": "CVE-2024-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-46804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46804"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2022-48828",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48828"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-46763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46763"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-42094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42094"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-46759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46759"
},
{
"name": "CVE-2024-27416",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27416"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2024-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46737"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2024-40987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40987"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2023-52806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52806"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-26793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26793"
},
{
"name": "CVE-2024-40945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40945"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2022-48827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48827"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-44965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44965"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-45003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45003"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2025-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47809"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26752"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-46832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46832"
},
{
"name": "CVE-2023-52871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52871"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2023-52623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52623"
},
{
"name": "CVE-2024-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26736"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-45021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45021"
},
{
"name": "CVE-2023-52655",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52655"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-47659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47659"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2023-52504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52504"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40990"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2024-40968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40968"
},
{
"name": "CVE-2024-45025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45025"
},
{
"name": "CVE-2024-27414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27414"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-26777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26777"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26764"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2021-47316",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47316"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-46761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46761"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-26778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26778"
},
{
"name": "CVE-2024-37078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37078"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-53240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53240"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2023-52840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52840"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2023-52597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52597"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2024-45008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45008"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2023-52875",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52875"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2024-44987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44987"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-41046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41046"
},
{
"name": "CVE-2024-50089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50089"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-39482",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39482"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26791"
},
{
"name": "CVE-2023-52843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52843"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-36894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36894"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26772"
},
{
"name": "CVE-2024-46782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46782"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-27405",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27405"
},
{
"name": "CVE-2024-46702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46702"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-40942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40942"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-46719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46719"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2023-52791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52791"
},
{
"name": "CVE-2024-44949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44949"
},
{
"name": "CVE-2023-6121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6121"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2024-26788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26788"
},
{
"name": "CVE-2023-52817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52817"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2024-26684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26684"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0677",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-707630",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-707630.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-331739",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-331739.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-693808",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693808.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-613116",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-493396",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-493396.html"
},
{
"published_at": "2025-08-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-400089",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-400089.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-493787",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-493787.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-894058",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-894058.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-355557",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-529291",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-529291.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-282044",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-282044.html"
}
]
}
CERTFR-2024-AVI-1078
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.2 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.2 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.2 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 8 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 9 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 8 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 9 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 8 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 9 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 9 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 9 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 9 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 9 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 9.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 9.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 8.8 x86_64 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 8 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 9 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.2 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.2 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.2 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 8 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 9 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.2 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 8 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 9 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 8 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 9 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 8 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 9 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 9 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 9 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 9 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 9.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 9.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 8.8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-26830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26830"
},
{
"name": "CVE-2024-27062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27062"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-46695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-38564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-44994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44994"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1078",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Red Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10939",
"url": "https://access.redhat.com/errata/RHSA-2024:10939"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10945",
"url": "https://access.redhat.com/errata/RHSA-2024:10945"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10942",
"url": "https://access.redhat.com/errata/RHSA-2024:10942"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10943",
"url": "https://access.redhat.com/errata/RHSA-2024:10943"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10944",
"url": "https://access.redhat.com/errata/RHSA-2024:10944"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10946",
"url": "https://access.redhat.com/errata/RHSA-2024:10946"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:10941",
"url": "https://access.redhat.com/errata/RHSA-2024:10941"
}
]
}
CERTFR-2025-AVI-0184
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 6.1.128-1~deb11u1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 5.10.234-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
},
{
"name": "CVE-2023-52530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
},
{
"name": "CVE-2024-27072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27072"
},
{
"name": "CVE-2021-47469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47469"
},
{
"name": "CVE-2024-26921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26921"
},
{
"name": "CVE-2024-35870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35870"
},
{
"name": "CVE-2024-35965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35965"
},
{
"name": "CVE-2024-35966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35966"
},
{
"name": "CVE-2024-35956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35956"
},
{
"name": "CVE-2024-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36479"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-37021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37021"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-38591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38591"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-38588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38588"
},
{
"name": "CVE-2024-38538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38538"
},
{
"name": "CVE-2024-41014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41014"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44940"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-46865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46865"
},
{
"name": "CVE-2023-52916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52916"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2024-44950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44950"
},
{
"name": "CVE-2024-46695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2024-53240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53240"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-27407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27407"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53207"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56551"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-56582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56582"
},
{
"name": "CVE-2024-56599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56599"
},
{
"name": "CVE-2024-56604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-39282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39282"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-46896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46896"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56660"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56675"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56766"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57887"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57916"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2025-21662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21662"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56665"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21655",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21655"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-57925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
},
{
"name": "CVE-2024-57939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21647"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21660",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21660"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-21671",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21671"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2024-56579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56579"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21688"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2023-52926",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52926"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-54031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54031"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-56585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56585"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2024-56626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
},
{
"name": "CVE-2024-56627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
},
{
"name": "CVE-2024-56628",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56628"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56717"
},
{
"name": "CVE-2024-56718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56718"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-56783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56783"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2024-57841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
},
{
"name": "CVE-2024-57894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57894"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2024-57901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
},
{
"name": "CVE-2024-57902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
},
{
"name": "CVE-2024-57930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57930"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-21629",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21629"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0184",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2025-03-01",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4075-1",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"published_at": "2025-03-01",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4076-1",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
]
}
CERTFR-2024-AVI-1031
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.119-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53054"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-43868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43868"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50228"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-35964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35964"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-26952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26952"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2024-36244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36244"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-36923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36923"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36478"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-53070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53070"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-36914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36914"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26954"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-44949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44949"
},
{
"name": "CVE-2023-52812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52812"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1031",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5818-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00233.html"
}
]
}
CERTFR-2025-AVI-0366
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26928"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2024-41014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41014"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-42122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42122"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49906"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50226"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49893"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50139"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50158"
},
{
"name": "CVE-2024-50159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50159"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50169"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50172"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50216"
},
{
"name": "CVE-2024-50221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50221"
},
{
"name": "CVE-2024-50224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50224"
},
{
"name": "CVE-2024-50225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50225"
},
{
"name": "CVE-2024-50231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50231"
},
{
"name": "CVE-2024-50240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50240"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2024-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53045"
},
{
"name": "CVE-2024-53048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53048"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53068"
},
{
"name": "CVE-2024-53076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53076"
},
{
"name": "CVE-2024-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53079"
},
{
"name": "CVE-2024-53085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53085"
},
{
"name": "CVE-2024-53094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53094"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53108"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-50203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50203"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53050"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53111"
},
{
"name": "CVE-2024-53117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53117"
},
{
"name": "CVE-2024-53118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53118"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53126"
},
{
"name": "CVE-2024-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53133"
},
{
"name": "CVE-2024-53134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53134"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53160"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53188"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53191"
},
{
"name": "CVE-2024-53200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53200"
},
{
"name": "CVE-2024-53202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53202"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53222"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56551"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56566"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-56582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56582"
},
{
"name": "CVE-2024-56599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56599"
},
{
"name": "CVE-2024-56604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56752"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2024-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56573"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56577"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
},
{
"name": "CVE-2024-56609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
},
{
"name": "CVE-2024-56611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56620"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56632"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56635"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56649",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56649"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56775"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-57925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
},
{
"name": "CVE-2024-57939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50104"
},
{
"name": "CVE-2024-50105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50105"
},
{
"name": "CVE-2024-50107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50107"
},
{
"name": "CVE-2024-50111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50111"
},
{
"name": "CVE-2024-50112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50112"
},
{
"name": "CVE-2024-50118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50118"
},
{
"name": "CVE-2024-50120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50120"
},
{
"name": "CVE-2024-50137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50137"
},
{
"name": "CVE-2024-50140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50140"
},
{
"name": "CVE-2024-50152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50152"
},
{
"name": "CVE-2024-50170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50170"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-50206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50206"
},
{
"name": "CVE-2024-50207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50207"
},
{
"name": "CVE-2024-50220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50220"
},
{
"name": "CVE-2024-50222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50222"
},
{
"name": "CVE-2024-50223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50223"
},
{
"name": "CVE-2024-50238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50238"
},
{
"name": "CVE-2024-50239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50239"
},
{
"name": "CVE-2024-50263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50263"
},
{
"name": "CVE-2024-50270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50270"
},
{
"name": "CVE-2024-50285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50285"
},
{
"name": "CVE-2024-50288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50288"
},
{
"name": "CVE-2024-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50291"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-50297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50297"
},
{
"name": "CVE-2024-50300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50300"
},
{
"name": "CVE-2024-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50303"
},
{
"name": "CVE-2024-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53044"
},
{
"name": "CVE-2024-53046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53046"
},
{
"name": "CVE-2024-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53053"
},
{
"name": "CVE-2024-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53062"
},
{
"name": "CVE-2024-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53067"
},
{
"name": "CVE-2024-53083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53083"
},
{
"name": "CVE-2024-53084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53084"
},
{
"name": "CVE-2024-53086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53086"
},
{
"name": "CVE-2024-53087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53087"
},
{
"name": "CVE-2024-53089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53089"
},
{
"name": "CVE-2024-53107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53107"
},
{
"name": "CVE-2024-53109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53109"
},
{
"name": "CVE-2024-53115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53115"
},
{
"name": "CVE-2024-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53139"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53163"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2024-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53219"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
},
{
"name": "CVE-2024-53223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53223"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53228"
},
{
"name": "CVE-2024-56540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56540"
},
{
"name": "CVE-2024-56545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56545"
},
{
"name": "CVE-2024-56685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56685"
},
{
"name": "CVE-2024-56689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56689"
},
{
"name": "CVE-2024-56692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56692"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56721"
},
{
"name": "CVE-2024-56742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56742"
},
{
"name": "CVE-2024-56744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56744"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
},
{
"name": "CVE-2024-56579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56579"
},
{
"name": "CVE-2024-56647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56647"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-21700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21700"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2024-56626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
},
{
"name": "CVE-2024-56627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2024-57841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2024-57901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
},
{
"name": "CVE-2024-57902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2022-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0995"
},
{
"name": "CVE-2024-41932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41932"
},
{
"name": "CVE-2024-41935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41935"
},
{
"name": "CVE-2024-47794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47794"
},
{
"name": "CVE-2024-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48875"
},
{
"name": "CVE-2024-48876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48876"
},
{
"name": "CVE-2024-56550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56550"
},
{
"name": "CVE-2024-56565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56565"
},
{
"name": "CVE-2024-56580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56580"
},
{
"name": "CVE-2024-56583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56583"
},
{
"name": "CVE-2024-56613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56613"
},
{
"name": "CVE-2024-56621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56621"
},
{
"name": "CVE-2024-56638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56638"
},
{
"name": "CVE-2024-56771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56771"
},
{
"name": "CVE-2024-56772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56772"
},
{
"name": "CVE-2024-56773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56773"
},
{
"name": "CVE-2024-56782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56782"
},
{
"name": "CVE-2024-56786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56786"
},
{
"name": "CVE-2024-57843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57843"
},
{
"name": "CVE-2024-57872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57872"
},
{
"name": "CVE-2024-58087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58087"
},
{
"name": "CVE-2025-21701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21701"
},
{
"name": "CVE-2025-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21703"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2025-21831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21831"
},
{
"name": "CVE-2025-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
},
{
"name": "CVE-2025-21993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21993"
},
{
"name": "CVE-2024-44955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44955"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0366",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-04-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-4",
"url": "https://ubuntu.com/security/notices/USN-7455-4"
},
{
"published_at": "2025-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7459-2",
"url": "https://ubuntu.com/security/notices/USN-7459-2"
},
{
"published_at": "2025-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7468-1",
"url": "https://ubuntu.com/security/notices/USN-7468-1"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-5",
"url": "https://ubuntu.com/security/notices/USN-7455-5"
}
]
}
CERTFR-2025-AVI-0168
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-21400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21400"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2021-47469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47469"
},
{
"name": "CVE-2024-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35887"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-38597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38597"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40982"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2024-43914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43914"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-47681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47681"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47687"
},
{
"name": "CVE-2024-47688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47688"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47702"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47714"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47719"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47732"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47741"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47744"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47752"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49862"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49864"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49874"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49947"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49953"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49976"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50175"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-47677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47677"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47700"
},
{
"name": "CVE-2024-47716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47716"
},
{
"name": "CVE-2024-47733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47733"
},
{
"name": "CVE-2024-49876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49876"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49885"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49942"
},
{
"name": "CVE-2024-49980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49980"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-49999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49999"
},
{
"name": "CVE-2024-50005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50005"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0168",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7293-1",
"url": "https://ubuntu.com/security/notices/USN-7293-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7291-1",
"url": "https://ubuntu.com/security/notices/USN-7291-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7289-3",
"url": "https://ubuntu.com/security/notices/USN-7289-3"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7300-1",
"url": "https://ubuntu.com/security/notices/USN-7300-1"
},
{
"published_at": "2025-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7262-2",
"url": "https://ubuntu.com/security/notices/USN-7262-2"
},
{
"published_at": "2025-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7305-1",
"url": "https://ubuntu.com/security/notices/USN-7305-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7298-1",
"url": "https://ubuntu.com/security/notices/USN-7298-1"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7294-2",
"url": "https://ubuntu.com/security/notices/USN-7294-2"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7308-1",
"url": "https://ubuntu.com/security/notices/USN-7308-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7295-1",
"url": "https://ubuntu.com/security/notices/USN-7295-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7294-1",
"url": "https://ubuntu.com/security/notices/USN-7294-1"
},
{
"published_at": "2025-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7304-1",
"url": "https://ubuntu.com/security/notices/USN-7304-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7289-2",
"url": "https://ubuntu.com/security/notices/USN-7289-2"
},
{
"published_at": "2025-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7288-1",
"url": "https://ubuntu.com/security/notices/USN-7288-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7288-2",
"url": "https://ubuntu.com/security/notices/USN-7288-2"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7296-1",
"url": "https://ubuntu.com/security/notices/USN-7296-1"
},
{
"published_at": "2025-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7303-1",
"url": "https://ubuntu.com/security/notices/USN-7303-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7301-1",
"url": "https://ubuntu.com/security/notices/USN-7301-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7234-5",
"url": "https://ubuntu.com/security/notices/USN-7234-5"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7289-4",
"url": "https://ubuntu.com/security/notices/USN-7289-4"
},
{
"published_at": "2025-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7289-1",
"url": "https://ubuntu.com/security/notices/USN-7289-1"
}
]
}
CERTFR-2025-AVI-0168
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-21400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21400"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2021-47469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47469"
},
{
"name": "CVE-2024-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35887"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-38597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38597"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40982"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2024-43914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43914"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-47681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47681"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47687"
},
{
"name": "CVE-2024-47688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47688"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47702"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47714"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47719"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47732"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47741"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47744"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47752"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49862"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49864"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49874"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49947"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49953"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49976"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50175"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-47677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47677"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47700"
},
{
"name": "CVE-2024-47716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47716"
},
{
"name": "CVE-2024-47733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47733"
},
{
"name": "CVE-2024-49876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49876"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49885"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49942"
},
{
"name": "CVE-2024-49980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49980"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-49999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49999"
},
{
"name": "CVE-2024-50005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50005"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0168",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7293-1",
"url": "https://ubuntu.com/security/notices/USN-7293-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7291-1",
"url": "https://ubuntu.com/security/notices/USN-7291-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7289-3",
"url": "https://ubuntu.com/security/notices/USN-7289-3"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7300-1",
"url": "https://ubuntu.com/security/notices/USN-7300-1"
},
{
"published_at": "2025-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7262-2",
"url": "https://ubuntu.com/security/notices/USN-7262-2"
},
{
"published_at": "2025-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7305-1",
"url": "https://ubuntu.com/security/notices/USN-7305-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7298-1",
"url": "https://ubuntu.com/security/notices/USN-7298-1"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7294-2",
"url": "https://ubuntu.com/security/notices/USN-7294-2"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7308-1",
"url": "https://ubuntu.com/security/notices/USN-7308-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7295-1",
"url": "https://ubuntu.com/security/notices/USN-7295-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7294-1",
"url": "https://ubuntu.com/security/notices/USN-7294-1"
},
{
"published_at": "2025-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7304-1",
"url": "https://ubuntu.com/security/notices/USN-7304-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7289-2",
"url": "https://ubuntu.com/security/notices/USN-7289-2"
},
{
"published_at": "2025-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7288-1",
"url": "https://ubuntu.com/security/notices/USN-7288-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7288-2",
"url": "https://ubuntu.com/security/notices/USN-7288-2"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7296-1",
"url": "https://ubuntu.com/security/notices/USN-7296-1"
},
{
"published_at": "2025-02-26",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7303-1",
"url": "https://ubuntu.com/security/notices/USN-7303-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7301-1",
"url": "https://ubuntu.com/security/notices/USN-7301-1"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7234-5",
"url": "https://ubuntu.com/security/notices/USN-7234-5"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7289-4",
"url": "https://ubuntu.com/security/notices/USN-7289-4"
},
{
"published_at": "2025-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7289-1",
"url": "https://ubuntu.com/security/notices/USN-7289-1"
}
]
}
CERTFR-2025-AVI-0677
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC PCS neo V6.0 versions antérieures à V6.0 SP1 | ||
| Siemens | N/A | SIMATIC WinCC V17, v18 et V20 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | SIMATIC Control Function Library (CFL) toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIPROTEC 5 versions antérieures à 10.0 | ||
| Siemens | N/A | SIMATIC MTP Integrator toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC ProSave V17 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Unified Line Coordination toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC TeleControl toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.19 versions antérieures à V3.19 P020 | ||
| Siemens | N/A | SIMATIC WinCC flexible ES toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-54678. | ||
| Siemens | N/A | SIMATIC S7-Fail-safe Configuration Tool (S7-FCT) versions antérieures à 4.0.1 | ||
| Siemens | N/A | SIMATIC PCS neo V6.0 toutes versions pour la vulnérabilité CVE-2024-54678 | ||
| Siemens | N/A | SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC MTP CREATOR V2.x et V3.x toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC WinCC OA V3.18 versions antérieures à V3.18 P032 | ||
| Siemens | N/A | TIA Portal Cloud V19 versions antérieures à 5.2.1.1 | ||
| Siemens | N/A | SIMATIC D7-SYS toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC BATCH V10.0 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC ODK 1500S toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Process Historian 2020 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2025-30033 et CVE-2025-47809 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller V2 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | TIA Portal Cloud Connector toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Unified Sequence toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40759. | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Logon V2.0 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC ProSave V19 versions antérieures à V19 Update 4 | ||
| Siemens | N/A | SIMATIC PDM Maintenance Station V5.0 toutes versions pour les vulnérabilités CVE-2025-30033 et CVE-2025-47809 | ||
| Siemens | N/A | SIMATIC Safety Matrix toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Management Console toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SCALANCE XCM-/XRM-/XCH-/XRH-300 family versions antérieures à 3.2 | ||
| Siemens | N/A | SIMATIC BATCH V9.1 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC Process Function Library (PFL) V4.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller V3 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC STEP 7 CFC V20 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC NET PC Software toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Route Control V9.1 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.20 versions antérieures à V3.20 P008 | ||
| Siemens | N/A | SIMATIC RTLS Locating Manager versions antérieures à 3.3 | ||
| Siemens | N/A | Siprotec 4 7SA6, 7SD5 et 7SD610 versions antérieures à 4.78 | ||
| Siemens | N/A | SIMATIC Automation Tool toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | TIA Portal Cloud V18 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | SIMATIC PDM V9.2 et V9.3 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Visualization Architect (SiVArc) toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC eaSie Workflow Skills toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC STEP 7 CFC V19 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC WinCC V19 versions antérieures à V19 Update 4 | ||
| Siemens | N/A | SIMATIC Management Agent toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 et V8.0 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC STEP 7 V5.7 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Automation Tool SDK Windows toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2025-47809 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V20 versions antérieures à V20 Update 1 | ||
| Siemens | N/A | TIA Portal Cloud V17 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | SIMATIC Energy Suite toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC PCS 7 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Process Historian 2024 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC STEP 7 V19 versions antérieures à V19 Update 4 | ||
| Siemens | N/A | TIA Portal Test Suite V17, v18, v19 et v20 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC S7-PCT toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Target toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC ProSave V18 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC Logon V1.6 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC STEP 7 V17 et V18 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | SIMATIC RTLS Locating Manager versions antérieures à 3.2 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced versions antérieures à V7.0 Update 1 | ||
| Siemens | N/A | SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-54678 | ||
| Siemens | N/A | SIMATIC STEP 7 V20 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | TIA Portal Cloud V20 toutes versions pour les vulnérabilités CVE-2024-54678 et CVE-2025-40759 | ||
| Siemens | N/A | Siprotec 4 toutes versions et tous modèles exceptés 7SA6, 7SD5, 7SD610 pour la vulnérabilité CVE-2024-52504. | ||
| Siemens | N/A | SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 versions antérieures à 3.2 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM V17, V18 et V19 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC Unified PC Runtime V18, V19 et V20 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC PCS 7 Advanced Process Faceplates V9.1 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC S7 F Systems V6.4 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC Information Server toutes versions pour la vulnérabilité CVE-2025-47809 | ||
| Siemens | N/A | SIMATIC S7 F Systems V6.3 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-30033. | ||
| Siemens | N/A | SIMATIC ProSave V20 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC PCS 7 Logic Matrix V9.1 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | WinCC Panel Image Setup toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC PCS neo V4.1 et V5.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-54678. | ||
| Siemens | N/A | SIMATIC Route Control V10.0 toutes versions pour la vulnérabilité CVE-2025-30033 | ||
| Siemens | N/A | SIMATIC WinCC V8.1 versions antérieures à V8.1 Update 3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC PCS neo V6.0 versions ant\u00e9rieures \u00e0 V6.0 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V17, v18 et V20 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Control Function Library (CFL) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 versions ant\u00e9rieures \u00e0 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MTP Integrator toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified Line Coordination toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC TeleControl toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.19 versions ant\u00e9rieures \u00e0 V3.19 P020",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC flexible ES toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-54678.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-Fail-safe Configuration Tool (S7-FCT) versions ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V6.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-54678",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MTP CREATOR V2.x et V3.x toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.18 versions ant\u00e9rieures \u00e0 V3.18 P032",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V19 versions ant\u00e9rieures \u00e0 5.2.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC D7-SYS toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V10.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ODK 1500S toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2020 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2025-30033 et CVE-2025-47809",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller V2 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud Connector toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified Sequence toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40759.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Logon V2.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave V19 versions ant\u00e9rieures \u00e0 V19 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM Maintenance Station V5.0 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2025-30033 et CVE-2025-47809",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Safety Matrix toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Management Console toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V9.1 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Function Library (PFL) V4.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller V3 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 CFC V20 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.20 versions ant\u00e9rieures \u00e0 V3.20 P008",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager versions ant\u00e9rieures \u00e0 3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siprotec 4 7SA6, 7SD5 et 7SD610 versions ant\u00e9rieures \u00e0 4.78",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Tool toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V18 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM V9.2 et V9.3 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Visualization Architect (SiVArc) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie Workflow Skills toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 CFC V19 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V19 versions ant\u00e9rieures \u00e0 V19 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Management Agent toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 et V8.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5.7 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Tool SDK Windows toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-47809",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V20 versions ant\u00e9rieures \u00e0 V20 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V17 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Energy Suite toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Process Historian 2024 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V19 versions ant\u00e9rieures \u00e0 V19 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Test Suite V17, v18, v19 et v20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PCT toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Target toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave V18 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Logon V1.6 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V17 et V18 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V7.0 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-54678",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V20 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud V20 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2024-54678 et CVE-2025-40759",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siprotec 4 toutes versions et tous mod\u00e8les except\u00e9s 7SA6, 7SD5, 7SD610 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52504. ",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM V17, V18 et V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V18, V19 et V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 Advanced Process Faceplates V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7 F Systems V6.4 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Information Server toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-47809",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7 F Systems V6.3 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 Logic Matrix V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "WinCC Panel Image Setup toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo V4.1 et V5.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-54678.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V10.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-30033",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.1 versions ant\u00e9rieures \u00e0 V8.1 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-35827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35827"
},
{
"name": "CVE-2024-40931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40931"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-46755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46755"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-26825",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26825"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46713"
},
{
"name": "CVE-2023-52622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52622"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-46844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46844"
},
{
"name": "CVE-2024-43914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43914"
},
{
"name": "CVE-2024-26696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26696"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-46815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46815"
},
{
"name": "CVE-2024-39503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
},
{
"name": "CVE-2025-40759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40759"
},
{
"name": "CVE-2022-48666",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48666"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-40988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40988"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2023-52804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52804"
},
{
"name": "CVE-2024-41004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41004"
},
{
"name": "CVE-2024-46676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46676"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-46740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46740"
},
{
"name": "CVE-2023-52845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52845"
},
{
"name": "CVE-2021-44879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44879"
},
{
"name": "CVE-2024-46798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46798"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-46707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46707"
},
{
"name": "CVE-2024-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49967"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-36974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36974"
},
{
"name": "CVE-2023-52818",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52818"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2023-52637",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52637"
},
{
"name": "CVE-2024-46747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46747"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2023-52873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52873"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26754"
},
{
"name": "CVE-2023-52858",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52858"
},
{
"name": "CVE-2024-46738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46738"
},
{
"name": "CVE-2023-45863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45863"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-46679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46679"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2023-51782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51782"
},
{
"name": "CVE-2024-46673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46673"
},
{
"name": "CVE-2024-41034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41034"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46724"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-26790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26790"
},
{
"name": "CVE-2024-46791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46791"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-44969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44969"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-39469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39469"
},
{
"name": "CVE-2024-39509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39509"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"name": "CVE-2024-26845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26845"
},
{
"name": "CVE-2024-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26704"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2024-46800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46800"
},
{
"name": "CVE-2023-52810",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52810"
},
{
"name": "CVE-2024-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46750"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-46722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46722"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-40971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40971"
},
{
"name": "CVE-2023-52847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52847"
},
{
"name": "CVE-2024-39505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39505"
},
{
"name": "CVE-2023-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-47663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47663"
},
{
"name": "CVE-2024-40932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40932"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2023-52478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52478"
},
{
"name": "CVE-2024-41006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41006"
},
{
"name": "CVE-2023-46343",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46343"
},
{
"name": "CVE-2024-46745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46745"
},
{
"name": "CVE-2024-46819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46819"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-40904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40904"
},
{
"name": "CVE-2024-42084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42084"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-46721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46721"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26805"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-46822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46822"
},
{
"name": "CVE-2024-40960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2025-40570",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40570"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42154"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-46685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46685"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-36484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36484"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-44998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44998"
},
{
"name": "CVE-2024-46723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46723"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-26839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26839"
},
{
"name": "CVE-2024-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46828"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-26581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26581"
},
{
"name": "CVE-2022-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48935"
},
{
"name": "CVE-2023-52433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52433"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2023-52600",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-26910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26910"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2023-52507",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52507"
},
{
"name": "CVE-2024-56571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56571"
},
{
"name": "CVE-2023-52764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52764"
},
{
"name": "CVE-2023-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52587"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-46675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46675"
},
{
"name": "CVE-2024-26645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
},
{
"name": "CVE-2024-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26702"
},
{
"name": "CVE-2024-46783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46783"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-26673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26673"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
},
{
"name": "CVE-2024-0584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0584"
},
{
"name": "CVE-2024-42093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42093"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2023-52784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52784"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-27413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27413"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2023-52853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52853"
},
{
"name": "CVE-2024-46689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46689"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-46781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46781"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2025-30034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30034"
},
{
"name": "CVE-2024-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46777"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-40916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40916"
},
{
"name": "CVE-2024-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0193"
},
{
"name": "CVE-2023-52604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52604"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-38586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38586"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-46714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46714"
},
{
"name": "CVE-2024-40976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40976"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2025-40746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40746"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2023-52601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52601"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-44960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44960"
},
{
"name": "CVE-2024-26773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26773"
},
{
"name": "CVE-2024-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26722"
},
{
"name": "CVE-2024-54678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54678"
},
{
"name": "CVE-2024-26598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26598"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-26679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26679"
},
{
"name": "CVE-2024-39468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39468"
},
{
"name": "CVE-2024-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26763"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2023-52435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52435"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2023-52654",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52654"
},
{
"name": "CVE-2024-36938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36938"
},
{
"name": "CVE-2024-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
},
{
"name": "CVE-2023-52855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52855"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26749"
},
{
"name": "CVE-2024-44971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44971"
},
{
"name": "CVE-2023-52603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52603"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2023-52486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2023-52868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52868"
},
{
"name": "CVE-2023-52619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52619"
},
{
"name": "CVE-2023-52796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52796"
},
{
"name": "CVE-2023-52475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52475"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2023-52617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52617"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"name": "CVE-2024-46674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46674"
},
{
"name": "CVE-2023-52836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52836"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2024-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26751"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-44944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44944"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-27412",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27412"
},
{
"name": "CVE-2024-26636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26636"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2024-40963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40963"
},
{
"name": "CVE-2025-40752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40752"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2023-52789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52789"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-40947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40947"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2023-52867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52867"
},
{
"name": "CVE-2024-44995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44995"
},
{
"name": "CVE-2024-46757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46757"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-46677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46677"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-26606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26606"
},
{
"name": "CVE-2024-35833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35833"
},
{
"name": "CVE-2024-41005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41005"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-26625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26625"
},
{
"name": "CVE-2024-44935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44935"
},
{
"name": "CVE-2024-44999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44999"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26748"
},
{
"name": "CVE-2023-52809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49971"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-26635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26635"
},
{
"name": "CVE-2023-52805",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52805"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2023-52919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52919"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-36978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36978"
},
{
"name": "CVE-2024-44988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44988"
},
{
"name": "CVE-2024-47660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47660"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41017"
},
{
"name": "CVE-2024-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26697"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-46758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46758"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-40934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40934"
},
{
"name": "CVE-2024-47667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47667"
},
{
"name": "CVE-2024-46756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46756"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-46739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46739"
},
{
"name": "CVE-2024-47669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47669"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2024-26685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26685"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-45006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45006"
},
{
"name": "CVE-2024-46725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46725"
},
{
"name": "CVE-2024-46829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46829"
},
{
"name": "CVE-2024-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40912"
},
{
"name": "CVE-2023-52599",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52599"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-44954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44954"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-43890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43890"
},
{
"name": "CVE-2024-26688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26688"
},
{
"name": "CVE-2023-52865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52865"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-36901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36901"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-41090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41090"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-26663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26663"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-41077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41077"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2023-52509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52509"
},
{
"name": "CVE-2024-44952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44952"
},
{
"name": "CVE-2023-52753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52753"
},
{
"name": "CVE-2024-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2023-52583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52583"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-46743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46743"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2023-52602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52602"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2023-52832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2023-52819",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52819"
},
{
"name": "CVE-2023-52876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52876"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2025-30033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30033"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-46744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46744"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2025-40753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40753"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-40929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40929"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2024-52504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52504"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2023-6040",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6040"
},
{
"name": "CVE-2023-52510",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52510"
},
{
"name": "CVE-2023-51781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51781"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-46780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46780"
},
{
"name": "CVE-2024-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46817"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2025-40751",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40751"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2023-52670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52670"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-40901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
},
{
"name": "CVE-2022-48829",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48829"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-39495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39495"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2023-51780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2024-49993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49993"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2023-52838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52838"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-46771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46771"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2023-52774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52774"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2023-52879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52879"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-52799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52799"
},
{
"name": "CVE-2024-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-46804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46804"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2022-48828",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48828"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-46763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46763"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-42094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42094"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-46759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46759"
},
{
"name": "CVE-2024-27416",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27416"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2024-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46737"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2024-40987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40987"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2023-52806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52806"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-26793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26793"
},
{
"name": "CVE-2024-40945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40945"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2022-48827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48827"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-44965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44965"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-45003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45003"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2025-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47809"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26752"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-46832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46832"
},
{
"name": "CVE-2023-52871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52871"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2023-52623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52623"
},
{
"name": "CVE-2024-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26736"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-45021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45021"
},
{
"name": "CVE-2023-52655",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52655"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-47659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47659"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2023-52504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52504"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40990"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2024-40968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40968"
},
{
"name": "CVE-2024-45025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45025"
},
{
"name": "CVE-2024-27414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27414"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-26777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26777"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26764"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2021-47316",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47316"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-46761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46761"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-26778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26778"
},
{
"name": "CVE-2024-37078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37078"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-53240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53240"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2023-52840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52840"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2023-52502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2023-52597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52597"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2024-45008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45008"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2023-52875",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52875"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2024-44987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44987"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-41046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41046"
},
{
"name": "CVE-2024-50089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50089"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-39482",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39482"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26791"
},
{
"name": "CVE-2023-52843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52843"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-36894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36894"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26772"
},
{
"name": "CVE-2024-46782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46782"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-27405",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27405"
},
{
"name": "CVE-2024-46702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46702"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-40942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40942"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-46719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46719"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2023-52791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52791"
},
{
"name": "CVE-2024-44949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44949"
},
{
"name": "CVE-2023-6121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6121"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2024-26788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26788"
},
{
"name": "CVE-2023-52817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52817"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2024-26684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26684"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0677",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-707630",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-707630.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-331739",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-331739.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-693808",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693808.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-613116",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-493396",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-493396.html"
},
{
"published_at": "2025-08-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-400089",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-400089.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-493787",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-493787.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-894058",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-894058.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-355557",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-529291",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-529291.html"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-282044",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-282044.html"
}
]
}
CERTFR-2025-AVI-0185
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2024-26685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26685"
},
{
"name": "CVE-2023-52488",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52488"
},
{
"name": "CVE-2023-52522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52522"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2021-47469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47469"
},
{
"name": "CVE-2023-52799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52799"
},
{
"name": "CVE-2023-52818",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52818"
},
{
"name": "CVE-2023-52880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52880"
},
{
"name": "CVE-2024-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35887"
},
{
"name": "CVE-2024-36952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36952"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-36964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36964"
},
{
"name": "CVE-2024-38567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38567"
},
{
"name": "CVE-2021-47103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47103"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2021-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2024-42068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42068"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2022-48994",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48994"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-47681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47681"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47687"
},
{
"name": "CVE-2024-47688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47688"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47702"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47714"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47719"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47732"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47741"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47744"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47752"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49862"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49864"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49874"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49947"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49953"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50081"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50226"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50003"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-49976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49976"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50100"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50102"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50139"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2024-50158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50158"
},
{
"name": "CVE-2024-50159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50159"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50169"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50172"
},
{
"name": "CVE-2024-50175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50175"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50177"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50216"
},
{
"name": "CVE-2024-50221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50221"
},
{
"name": "CVE-2024-50224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50224"
},
{
"name": "CVE-2024-50225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50225"
},
{
"name": "CVE-2024-50231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50231"
},
{
"name": "CVE-2024-50240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50240"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2024-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53045"
},
{
"name": "CVE-2024-53048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53048"
},
{
"name": "CVE-2024-53056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53056"
},
{
"name": "CVE-2024-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53068"
},
{
"name": "CVE-2024-53074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53074"
},
{
"name": "CVE-2024-53076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53076"
},
{
"name": "CVE-2024-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53079"
},
{
"name": "CVE-2024-53085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53085"
},
{
"name": "CVE-2024-53094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53094"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53108"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-50203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50203"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53111"
},
{
"name": "CVE-2024-53117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53117"
},
{
"name": "CVE-2024-53118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53118"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53126"
},
{
"name": "CVE-2024-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53133"
},
{
"name": "CVE-2024-53134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53134"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53160"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53188"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53191"
},
{
"name": "CVE-2024-53200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53200"
},
{
"name": "CVE-2024-53201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53201"
},
{
"name": "CVE-2024-53202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53202"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53216"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56536"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56752"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-46869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46869"
},
{
"name": "CVE-2024-47676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47676"
},
{
"name": "CVE-2024-47677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47677"
},
{
"name": "CVE-2024-47680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47680"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47694"
},
{
"name": "CVE-2024-47700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47700"
},
{
"name": "CVE-2024-47708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47708"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47716"
},
{
"name": "CVE-2024-47717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47717"
},
{
"name": "CVE-2024-47721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47721"
},
{
"name": "CVE-2024-47724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47724"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-47733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47733"
},
{
"name": "CVE-2024-47736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47736"
},
{
"name": "CVE-2024-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47746"
},
{
"name": "CVE-2024-49857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49857"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-49869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49869"
},
{
"name": "CVE-2024-49872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49872"
},
{
"name": "CVE-2024-49873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49873"
},
{
"name": "CVE-2024-49876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49876"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49885"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49932"
},
{
"name": "CVE-2024-49940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49940"
},
{
"name": "CVE-2024-49941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49941"
},
{
"name": "CVE-2024-49942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49942"
},
{
"name": "CVE-2024-49943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49943"
},
{
"name": "CVE-2024-49956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49956"
},
{
"name": "CVE-2024-49964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49964"
},
{
"name": "CVE-2024-49970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49970"
},
{
"name": "CVE-2024-49971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49971"
},
{
"name": "CVE-2024-49979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49979"
},
{
"name": "CVE-2024-49980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49980"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-49999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49999"
},
{
"name": "CVE-2024-50005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50005"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50034"
},
{
"name": "CVE-2024-50037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50037"
},
{
"name": "CVE-2024-50043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50043"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50071"
},
{
"name": "CVE-2024-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50079"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50091"
},
{
"name": "CVE-2024-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50092"
},
{
"name": "CVE-2024-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50094"
},
{
"name": "CVE-2024-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50104"
},
{
"name": "CVE-2024-50105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50105"
},
{
"name": "CVE-2024-50107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50107"
},
{
"name": "CVE-2024-50109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50109"
},
{
"name": "CVE-2024-50111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50111"
},
{
"name": "CVE-2024-50112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50112"
},
{
"name": "CVE-2024-50113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50113"
},
{
"name": "CVE-2024-50114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50114"
},
{
"name": "CVE-2024-50118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50118"
},
{
"name": "CVE-2024-50119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50119"
},
{
"name": "CVE-2024-50120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50120"
},
{
"name": "CVE-2024-50122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50122"
},
{
"name": "CVE-2024-50123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50123"
},
{
"name": "CVE-2024-50129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50129"
},
{
"name": "CVE-2024-50132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50132"
},
{
"name": "CVE-2024-50137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50137"
},
{
"name": "CVE-2024-50140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50140"
},
{
"name": "CVE-2024-50144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50144"
},
{
"name": "CVE-2024-50149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50149"
},
{
"name": "CVE-2024-50152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50152"
},
{
"name": "CVE-2024-50161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50161"
},
{
"name": "CVE-2024-50165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50165"
},
{
"name": "CVE-2024-50170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50170"
},
{
"name": "CVE-2024-50173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50173"
},
{
"name": "CVE-2024-50174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50174"
},
{
"name": "CVE-2024-50178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50178"
},
{
"name": "CVE-2024-50190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50190"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-50204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50204"
},
{
"name": "CVE-2024-50206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50206"
},
{
"name": "CVE-2024-50207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50207"
},
{
"name": "CVE-2024-50212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50212"
},
{
"name": "CVE-2024-50213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50213"
},
{
"name": "CVE-2024-50214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50214"
},
{
"name": "CVE-2024-50217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50217"
},
{
"name": "CVE-2024-50220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50220"
},
{
"name": "CVE-2024-50222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50222"
},
{
"name": "CVE-2024-50223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50223"
},
{
"name": "CVE-2024-50227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50227"
},
{
"name": "CVE-2024-50238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50238"
},
{
"name": "CVE-2024-50239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50239"
},
{
"name": "CVE-2024-50253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50253"
},
{
"name": "CVE-2024-50254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50254"
},
{
"name": "CVE-2024-50260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50260"
},
{
"name": "CVE-2024-50263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50263"
},
{
"name": "CVE-2024-50266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50266"
},
{
"name": "CVE-2024-50270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50270"
},
{
"name": "CVE-2024-50277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50277"
},
{
"name": "CVE-2024-50281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50281"
},
{
"name": "CVE-2024-50285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50285"
},
{
"name": "CVE-2024-50288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50288"
},
{
"name": "CVE-2024-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50291"
},
{
"name": "CVE-2024-50293",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50293"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-50297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50297"
},
{
"name": "CVE-2024-50300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50300"
},
{
"name": "CVE-2024-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50303"
},
{
"name": "CVE-2024-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53044"
},
{
"name": "CVE-2024-53046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53046"
},
{
"name": "CVE-2024-53049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53049"
},
{
"name": "CVE-2024-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53053"
},
{
"name": "CVE-2024-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53062"
},
{
"name": "CVE-2024-53065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53065"
},
{
"name": "CVE-2024-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53067"
},
{
"name": "CVE-2024-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53069"
},
{
"name": "CVE-2024-53071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53071"
},
{
"name": "CVE-2024-53075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53075"
},
{
"name": "CVE-2024-53077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53077"
},
{
"name": "CVE-2024-53078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53078"
},
{
"name": "CVE-2024-53080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53080"
},
{
"name": "CVE-2024-53083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53083"
},
{
"name": "CVE-2024-53084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53084"
},
{
"name": "CVE-2024-53086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53086"
},
{
"name": "CVE-2024-53087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53087"
},
{
"name": "CVE-2024-53089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53089"
},
{
"name": "CVE-2024-53092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53092"
},
{
"name": "CVE-2024-53098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53098"
},
{
"name": "CVE-2024-53107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53107"
},
{
"name": "CVE-2024-53109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53109"
},
{
"name": "CVE-2024-53115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53115"
},
{
"name": "CVE-2024-53116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53116"
},
{
"name": "CVE-2024-53132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53132"
},
{
"name": "CVE-2024-53137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53137"
},
{
"name": "CVE-2024-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53139"
},
{
"name": "CVE-2024-53143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53143"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53149"
},
{
"name": "CVE-2024-53152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53152"
},
{
"name": "CVE-2024-53153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53153"
},
{
"name": "CVE-2024-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53163"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53167"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53189"
},
{
"name": "CVE-2024-53192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53192"
},
{
"name": "CVE-2024-53193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53193"
},
{
"name": "CVE-2024-53199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53199"
},
{
"name": "CVE-2024-53212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53212"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2024-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53219"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
},
{
"name": "CVE-2024-53223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53223"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53228"
},
{
"name": "CVE-2024-56534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56534"
},
{
"name": "CVE-2024-56535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56535"
},
{
"name": "CVE-2024-56537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56537"
},
{
"name": "CVE-2024-56540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56540"
},
{
"name": "CVE-2024-56541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56541"
},
{
"name": "CVE-2024-56544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56544"
},
{
"name": "CVE-2024-56545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56545"
},
{
"name": "CVE-2024-56674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56674"
},
{
"name": "CVE-2024-56680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56680"
},
{
"name": "CVE-2024-56684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56684"
},
{
"name": "CVE-2024-56685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56685"
},
{
"name": "CVE-2024-56689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56689"
},
{
"name": "CVE-2024-56692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56692"
},
{
"name": "CVE-2024-56696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56696"
},
{
"name": "CVE-2024-56697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56697"
},
{
"name": "CVE-2024-56699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56699"
},
{
"name": "CVE-2024-56702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56702"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56721"
},
{
"name": "CVE-2024-56742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56742"
},
{
"name": "CVE-2024-56744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56744"
},
{
"name": "CVE-2024-56749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56749"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
},
{
"name": "CVE-2024-56542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56542"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0185",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7327-1",
"url": "https://ubuntu.com/security/notices/USN-7327-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7325-1",
"url": "https://ubuntu.com/security/notices/USN-7325-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7324-1",
"url": "https://ubuntu.com/security/notices/USN-7324-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7328-1",
"url": "https://ubuntu.com/security/notices/USN-7328-1"
},
{
"published_at": "2025-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7294-4",
"url": "https://ubuntu.com/security/notices/USN-7294-4"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7323-1",
"url": "https://ubuntu.com/security/notices/USN-7323-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7332-1",
"url": "https://ubuntu.com/security/notices/USN-7332-1"
},
{
"published_at": "2025-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7303-3",
"url": "https://ubuntu.com/security/notices/USN-7303-3"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7311-1",
"url": "https://ubuntu.com/security/notices/USN-7311-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7322-1",
"url": "https://ubuntu.com/security/notices/USN-7322-1"
},
{
"published_at": "2025-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7323-2",
"url": "https://ubuntu.com/security/notices/USN-7323-2"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7333-1",
"url": "https://ubuntu.com/security/notices/USN-7333-1"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7303-2",
"url": "https://ubuntu.com/security/notices/USN-7303-2"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7329-1",
"url": "https://ubuntu.com/security/notices/USN-7329-1"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7310-1",
"url": "https://ubuntu.com/security/notices/USN-7310-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7331-1",
"url": "https://ubuntu.com/security/notices/USN-7331-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7326-1",
"url": "https://ubuntu.com/security/notices/USN-7326-1"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7294-3",
"url": "https://ubuntu.com/security/notices/USN-7294-3"
}
]
}
CERTFR-2025-AVI-0185
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2024-26685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26685"
},
{
"name": "CVE-2023-52488",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52488"
},
{
"name": "CVE-2023-52522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52522"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2021-47469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47469"
},
{
"name": "CVE-2023-52799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52799"
},
{
"name": "CVE-2023-52818",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52818"
},
{
"name": "CVE-2023-52880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52880"
},
{
"name": "CVE-2024-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35887"
},
{
"name": "CVE-2024-36952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36952"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-36964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36964"
},
{
"name": "CVE-2024-38567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38567"
},
{
"name": "CVE-2021-47103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47103"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2021-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2024-42068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42068"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2022-48994",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48994"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-47681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47681"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47687"
},
{
"name": "CVE-2024-47688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47688"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47702"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47714"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47719"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47732"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47741"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47744"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47752"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49862"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49864"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49874"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49947"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49953"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50081"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50226"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50003"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-49976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49976"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50100"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50102"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50139"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50157"
},
{
"name": "CVE-2024-50158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50158"
},
{
"name": "CVE-2024-50159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50159"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50169"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50172"
},
{
"name": "CVE-2024-50175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50175"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50177"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50216"
},
{
"name": "CVE-2024-50221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50221"
},
{
"name": "CVE-2024-50224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50224"
},
{
"name": "CVE-2024-50225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50225"
},
{
"name": "CVE-2024-50231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50231"
},
{
"name": "CVE-2024-50240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50240"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2024-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53045"
},
{
"name": "CVE-2024-53048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53048"
},
{
"name": "CVE-2024-53056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53056"
},
{
"name": "CVE-2024-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53068"
},
{
"name": "CVE-2024-53074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53074"
},
{
"name": "CVE-2024-53076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53076"
},
{
"name": "CVE-2024-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53079"
},
{
"name": "CVE-2024-53085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53085"
},
{
"name": "CVE-2024-53094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53094"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53108"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-50203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50203"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53111"
},
{
"name": "CVE-2024-53117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53117"
},
{
"name": "CVE-2024-53118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53118"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53126"
},
{
"name": "CVE-2024-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53133"
},
{
"name": "CVE-2024-53134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53134"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53160"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53188"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53191"
},
{
"name": "CVE-2024-53200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53200"
},
{
"name": "CVE-2024-53201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53201"
},
{
"name": "CVE-2024-53202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53202"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53216"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56536"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56752"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-46869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46869"
},
{
"name": "CVE-2024-47676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47676"
},
{
"name": "CVE-2024-47677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47677"
},
{
"name": "CVE-2024-47680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47680"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47694"
},
{
"name": "CVE-2024-47700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47700"
},
{
"name": "CVE-2024-47708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47708"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47716"
},
{
"name": "CVE-2024-47717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47717"
},
{
"name": "CVE-2024-47721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47721"
},
{
"name": "CVE-2024-47724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47724"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-47733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47733"
},
{
"name": "CVE-2024-47736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47736"
},
{
"name": "CVE-2024-47746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47746"
},
{
"name": "CVE-2024-49857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49857"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-49869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49869"
},
{
"name": "CVE-2024-49872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49872"
},
{
"name": "CVE-2024-49873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49873"
},
{
"name": "CVE-2024-49876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49876"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49885"
},
{
"name": "CVE-2024-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49887"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49932"
},
{
"name": "CVE-2024-49940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49940"
},
{
"name": "CVE-2024-49941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49941"
},
{
"name": "CVE-2024-49942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49942"
},
{
"name": "CVE-2024-49943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49943"
},
{
"name": "CVE-2024-49956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49956"
},
{
"name": "CVE-2024-49964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49964"
},
{
"name": "CVE-2024-49970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49970"
},
{
"name": "CVE-2024-49971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49971"
},
{
"name": "CVE-2024-49979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49979"
},
{
"name": "CVE-2024-49980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49980"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-49999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49999"
},
{
"name": "CVE-2024-50005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50005"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50034"
},
{
"name": "CVE-2024-50037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50037"
},
{
"name": "CVE-2024-50043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50043"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50071"
},
{
"name": "CVE-2024-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50079"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50091"
},
{
"name": "CVE-2024-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50092"
},
{
"name": "CVE-2024-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50094"
},
{
"name": "CVE-2024-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50104"
},
{
"name": "CVE-2024-50105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50105"
},
{
"name": "CVE-2024-50107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50107"
},
{
"name": "CVE-2024-50109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50109"
},
{
"name": "CVE-2024-50111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50111"
},
{
"name": "CVE-2024-50112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50112"
},
{
"name": "CVE-2024-50113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50113"
},
{
"name": "CVE-2024-50114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50114"
},
{
"name": "CVE-2024-50118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50118"
},
{
"name": "CVE-2024-50119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50119"
},
{
"name": "CVE-2024-50120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50120"
},
{
"name": "CVE-2024-50122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50122"
},
{
"name": "CVE-2024-50123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50123"
},
{
"name": "CVE-2024-50129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50129"
},
{
"name": "CVE-2024-50132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50132"
},
{
"name": "CVE-2024-50137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50137"
},
{
"name": "CVE-2024-50140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50140"
},
{
"name": "CVE-2024-50144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50144"
},
{
"name": "CVE-2024-50149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50149"
},
{
"name": "CVE-2024-50152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50152"
},
{
"name": "CVE-2024-50161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50161"
},
{
"name": "CVE-2024-50165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50165"
},
{
"name": "CVE-2024-50170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50170"
},
{
"name": "CVE-2024-50173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50173"
},
{
"name": "CVE-2024-50174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50174"
},
{
"name": "CVE-2024-50178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50178"
},
{
"name": "CVE-2024-50190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50190"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-50204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50204"
},
{
"name": "CVE-2024-50206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50206"
},
{
"name": "CVE-2024-50207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50207"
},
{
"name": "CVE-2024-50212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50212"
},
{
"name": "CVE-2024-50213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50213"
},
{
"name": "CVE-2024-50214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50214"
},
{
"name": "CVE-2024-50217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50217"
},
{
"name": "CVE-2024-50220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50220"
},
{
"name": "CVE-2024-50222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50222"
},
{
"name": "CVE-2024-50223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50223"
},
{
"name": "CVE-2024-50227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50227"
},
{
"name": "CVE-2024-50238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50238"
},
{
"name": "CVE-2024-50239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50239"
},
{
"name": "CVE-2024-50253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50253"
},
{
"name": "CVE-2024-50254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50254"
},
{
"name": "CVE-2024-50260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50260"
},
{
"name": "CVE-2024-50263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50263"
},
{
"name": "CVE-2024-50266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50266"
},
{
"name": "CVE-2024-50270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50270"
},
{
"name": "CVE-2024-50277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50277"
},
{
"name": "CVE-2024-50281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50281"
},
{
"name": "CVE-2024-50285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50285"
},
{
"name": "CVE-2024-50288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50288"
},
{
"name": "CVE-2024-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50291"
},
{
"name": "CVE-2024-50293",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50293"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-50297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50297"
},
{
"name": "CVE-2024-50300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50300"
},
{
"name": "CVE-2024-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50303"
},
{
"name": "CVE-2024-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53044"
},
{
"name": "CVE-2024-53046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53046"
},
{
"name": "CVE-2024-53049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53049"
},
{
"name": "CVE-2024-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53053"
},
{
"name": "CVE-2024-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53062"
},
{
"name": "CVE-2024-53065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53065"
},
{
"name": "CVE-2024-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53067"
},
{
"name": "CVE-2024-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53069"
},
{
"name": "CVE-2024-53071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53071"
},
{
"name": "CVE-2024-53075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53075"
},
{
"name": "CVE-2024-53077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53077"
},
{
"name": "CVE-2024-53078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53078"
},
{
"name": "CVE-2024-53080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53080"
},
{
"name": "CVE-2024-53083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53083"
},
{
"name": "CVE-2024-53084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53084"
},
{
"name": "CVE-2024-53086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53086"
},
{
"name": "CVE-2024-53087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53087"
},
{
"name": "CVE-2024-53089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53089"
},
{
"name": "CVE-2024-53092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53092"
},
{
"name": "CVE-2024-53098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53098"
},
{
"name": "CVE-2024-53107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53107"
},
{
"name": "CVE-2024-53109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53109"
},
{
"name": "CVE-2024-53115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53115"
},
{
"name": "CVE-2024-53116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53116"
},
{
"name": "CVE-2024-53132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53132"
},
{
"name": "CVE-2024-53137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53137"
},
{
"name": "CVE-2024-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53139"
},
{
"name": "CVE-2024-53143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53143"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53149"
},
{
"name": "CVE-2024-53152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53152"
},
{
"name": "CVE-2024-53153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53153"
},
{
"name": "CVE-2024-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53163"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53167"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53189"
},
{
"name": "CVE-2024-53192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53192"
},
{
"name": "CVE-2024-53193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53193"
},
{
"name": "CVE-2024-53199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53199"
},
{
"name": "CVE-2024-53212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53212"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2024-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53219"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
},
{
"name": "CVE-2024-53223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53223"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53228"
},
{
"name": "CVE-2024-56534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56534"
},
{
"name": "CVE-2024-56535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56535"
},
{
"name": "CVE-2024-56537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56537"
},
{
"name": "CVE-2024-56540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56540"
},
{
"name": "CVE-2024-56541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56541"
},
{
"name": "CVE-2024-56544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56544"
},
{
"name": "CVE-2024-56545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56545"
},
{
"name": "CVE-2024-56674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56674"
},
{
"name": "CVE-2024-56680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56680"
},
{
"name": "CVE-2024-56684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56684"
},
{
"name": "CVE-2024-56685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56685"
},
{
"name": "CVE-2024-56689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56689"
},
{
"name": "CVE-2024-56692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56692"
},
{
"name": "CVE-2024-56696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56696"
},
{
"name": "CVE-2024-56697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56697"
},
{
"name": "CVE-2024-56699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56699"
},
{
"name": "CVE-2024-56702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56702"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56721"
},
{
"name": "CVE-2024-56742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56742"
},
{
"name": "CVE-2024-56744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56744"
},
{
"name": "CVE-2024-56749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56749"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
},
{
"name": "CVE-2024-56542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56542"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0185",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7327-1",
"url": "https://ubuntu.com/security/notices/USN-7327-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7325-1",
"url": "https://ubuntu.com/security/notices/USN-7325-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7324-1",
"url": "https://ubuntu.com/security/notices/USN-7324-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7328-1",
"url": "https://ubuntu.com/security/notices/USN-7328-1"
},
{
"published_at": "2025-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7294-4",
"url": "https://ubuntu.com/security/notices/USN-7294-4"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7323-1",
"url": "https://ubuntu.com/security/notices/USN-7323-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7332-1",
"url": "https://ubuntu.com/security/notices/USN-7332-1"
},
{
"published_at": "2025-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7303-3",
"url": "https://ubuntu.com/security/notices/USN-7303-3"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7311-1",
"url": "https://ubuntu.com/security/notices/USN-7311-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7322-1",
"url": "https://ubuntu.com/security/notices/USN-7322-1"
},
{
"published_at": "2025-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7323-2",
"url": "https://ubuntu.com/security/notices/USN-7323-2"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7333-1",
"url": "https://ubuntu.com/security/notices/USN-7333-1"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7303-2",
"url": "https://ubuntu.com/security/notices/USN-7303-2"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7329-1",
"url": "https://ubuntu.com/security/notices/USN-7329-1"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7310-1",
"url": "https://ubuntu.com/security/notices/USN-7310-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7331-1",
"url": "https://ubuntu.com/security/notices/USN-7331-1"
},
{
"published_at": "2025-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7326-1",
"url": "https://ubuntu.com/security/notices/USN-7326-1"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7294-3",
"url": "https://ubuntu.com/security/notices/USN-7294-3"
}
]
}
CERTFR-2025-AVI-0349
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2021-47119",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47119"
},
{
"name": "CVE-2021-47219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47219"
},
{
"name": "CVE-2024-23848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23848"
},
{
"name": "CVE-2024-26915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26915"
},
{
"name": "CVE-2024-26928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26928"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2024-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35887"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-38588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38588"
},
{
"name": "CVE-2024-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26837"
},
{
"name": "CVE-2024-41014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41014"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-42122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42122"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42069"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2024-49906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49906"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50226"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49893"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50135"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50139"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50158"
},
{
"name": "CVE-2024-50159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50159"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50169"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50172"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-50216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50216"
},
{
"name": "CVE-2024-50221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50221"
},
{
"name": "CVE-2024-50224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50224"
},
{
"name": "CVE-2024-50225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50225"
},
{
"name": "CVE-2024-50231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50231"
},
{
"name": "CVE-2024-50240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50240"
},
{
"name": "CVE-2024-50246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50246"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-50289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50289"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2024-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53045"
},
{
"name": "CVE-2024-53048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53048"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53068"
},
{
"name": "CVE-2024-53076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53076"
},
{
"name": "CVE-2024-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53079"
},
{
"name": "CVE-2024-53085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53085"
},
{
"name": "CVE-2024-53094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53094"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53108"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-50203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50203"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53050"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53111"
},
{
"name": "CVE-2024-53117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53117"
},
{
"name": "CVE-2024-53118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53118"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53126"
},
{
"name": "CVE-2024-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53133"
},
{
"name": "CVE-2024-53134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53134"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53160"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53188"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53191"
},
{
"name": "CVE-2024-53200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53200"
},
{
"name": "CVE-2024-53201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53201"
},
{
"name": "CVE-2024-53202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53202"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53222"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56551"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56566"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-56582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56582"
},
{
"name": "CVE-2024-56599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56599"
},
{
"name": "CVE-2024-56604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56752"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2024-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53185"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56573"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-56577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56577"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
},
{
"name": "CVE-2024-56609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
},
{
"name": "CVE-2024-56611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56620"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56632"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56635"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56649",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56649"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56775"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-57925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
},
{
"name": "CVE-2024-57939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50104"
},
{
"name": "CVE-2024-50105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50105"
},
{
"name": "CVE-2024-50107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50107"
},
{
"name": "CVE-2024-50111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50111"
},
{
"name": "CVE-2024-50112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50112"
},
{
"name": "CVE-2024-50118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50118"
},
{
"name": "CVE-2024-50120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50120"
},
{
"name": "CVE-2024-50137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50137"
},
{
"name": "CVE-2024-50140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50140"
},
{
"name": "CVE-2024-50152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50152"
},
{
"name": "CVE-2024-50170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50170"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-50206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50206"
},
{
"name": "CVE-2024-50207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50207"
},
{
"name": "CVE-2024-50220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50220"
},
{
"name": "CVE-2024-50222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50222"
},
{
"name": "CVE-2024-50223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50223"
},
{
"name": "CVE-2024-50238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50238"
},
{
"name": "CVE-2024-50239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50239"
},
{
"name": "CVE-2024-50263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50263"
},
{
"name": "CVE-2024-50270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50270"
},
{
"name": "CVE-2024-50285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50285"
},
{
"name": "CVE-2024-50288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50288"
},
{
"name": "CVE-2024-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50291"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-50297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50297"
},
{
"name": "CVE-2024-50300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50300"
},
{
"name": "CVE-2024-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50303"
},
{
"name": "CVE-2024-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53044"
},
{
"name": "CVE-2024-53046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53046"
},
{
"name": "CVE-2024-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53053"
},
{
"name": "CVE-2024-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53062"
},
{
"name": "CVE-2024-53067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53067"
},
{
"name": "CVE-2024-53083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53083"
},
{
"name": "CVE-2024-53084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53084"
},
{
"name": "CVE-2024-53086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53086"
},
{
"name": "CVE-2024-53087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53087"
},
{
"name": "CVE-2024-53089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53089"
},
{
"name": "CVE-2024-53107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53107"
},
{
"name": "CVE-2024-53109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53109"
},
{
"name": "CVE-2024-53115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53115"
},
{
"name": "CVE-2024-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53139"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53163"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
},
{
"name": "CVE-2024-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53219"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53221"
},
{
"name": "CVE-2024-53223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53223"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53228"
},
{
"name": "CVE-2024-56540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56540"
},
{
"name": "CVE-2024-56545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56545"
},
{
"name": "CVE-2024-56685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56685"
},
{
"name": "CVE-2024-56689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56689"
},
{
"name": "CVE-2024-56692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56692"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56721"
},
{
"name": "CVE-2024-56742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56742"
},
{
"name": "CVE-2024-56744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56744"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
},
{
"name": "CVE-2024-56579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56579"
},
{
"name": "CVE-2024-56647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56647"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-21700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21700"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2024-56626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
},
{
"name": "CVE-2024-56627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-56783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56783"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2024-57841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2024-57901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
},
{
"name": "CVE-2024-57902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2022-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0995"
},
{
"name": "CVE-2024-41932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41932"
},
{
"name": "CVE-2024-41935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41935"
},
{
"name": "CVE-2024-47794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47794"
},
{
"name": "CVE-2024-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48875"
},
{
"name": "CVE-2024-48876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48876"
},
{
"name": "CVE-2024-56550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56550"
},
{
"name": "CVE-2024-56561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56561"
},
{
"name": "CVE-2024-56565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56565"
},
{
"name": "CVE-2024-56580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56580"
},
{
"name": "CVE-2024-56583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56583"
},
{
"name": "CVE-2024-56613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56613"
},
{
"name": "CVE-2024-56621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56621"
},
{
"name": "CVE-2024-56638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56638"
},
{
"name": "CVE-2024-56771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56771"
},
{
"name": "CVE-2024-56772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56772"
},
{
"name": "CVE-2024-56773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56773"
},
{
"name": "CVE-2024-56782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56782"
},
{
"name": "CVE-2024-56786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56786"
},
{
"name": "CVE-2024-57843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57843"
},
{
"name": "CVE-2024-57872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57872"
},
{
"name": "CVE-2024-58087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58087"
},
{
"name": "CVE-2025-21701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21701"
},
{
"name": "CVE-2025-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21703"
},
{
"name": "CVE-2025-21693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21693"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2025-21831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21831"
},
{
"name": "CVE-2025-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
},
{
"name": "CVE-2025-21993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21993"
},
{
"name": "CVE-2024-44955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44955"
},
{
"name": "CVE-2024-50032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50032"
},
{
"name": "CVE-2024-57950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57950"
},
{
"name": "CVE-2024-57952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57952"
},
{
"name": "CVE-2025-21672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21672"
},
{
"name": "CVE-2025-21677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21677"
},
{
"name": "CVE-2025-21685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21685"
},
{
"name": "CVE-2025-21691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21691"
},
{
"name": "CVE-2025-21695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21695"
},
{
"name": "CVE-2025-21696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21696"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0349",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7459-1",
"url": "https://ubuntu.com/security/notices/USN-7459-1"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7451-1",
"url": "https://ubuntu.com/security/notices/USN-7451-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7449-2",
"url": "https://ubuntu.com/security/notices/USN-7449-2"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7450-1",
"url": "https://ubuntu.com/security/notices/USN-7450-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7461-1",
"url": "https://ubuntu.com/security/notices/USN-7461-1"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7453-1",
"url": "https://ubuntu.com/security/notices/USN-7453-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7462-1",
"url": "https://ubuntu.com/security/notices/USN-7462-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7463-1",
"url": "https://ubuntu.com/security/notices/USN-7463-1"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7445-1",
"url": "https://ubuntu.com/security/notices/USN-7445-1"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7448-1",
"url": "https://ubuntu.com/security/notices/USN-7448-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7461-2",
"url": "https://ubuntu.com/security/notices/USN-7461-2"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-1",
"url": "https://ubuntu.com/security/notices/USN-7455-1"
},
{
"published_at": "2025-04-22",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7402-5",
"url": "https://ubuntu.com/security/notices/USN-7402-5"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-2",
"url": "https://ubuntu.com/security/notices/USN-7455-2"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7460-1",
"url": "https://ubuntu.com/security/notices/USN-7460-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7462-2",
"url": "https://ubuntu.com/security/notices/USN-7462-2"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7452-1",
"url": "https://ubuntu.com/security/notices/USN-7452-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7458-1",
"url": "https://ubuntu.com/security/notices/USN-7458-1"
},
{
"published_at": "2025-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7455-3",
"url": "https://ubuntu.com/security/notices/USN-7455-3"
},
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7449-1",
"url": "https://ubuntu.com/security/notices/USN-7449-1"
}
]
}
CERTFR-2025-AVI-0002
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 6.1.119-1~deb11u1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-45888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45888"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2024-27072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27072"
},
{
"name": "CVE-2024-35943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35943"
},
{
"name": "CVE-2024-35963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35963"
},
{
"name": "CVE-2024-35964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35964"
},
{
"name": "CVE-2024-35966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35966"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2024-36894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36894"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-26952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26952"
},
{
"name": "CVE-2024-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26954"
},
{
"name": "CVE-2024-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36478"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-36923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36923"
},
{
"name": "CVE-2024-36978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36978"
},
{
"name": "CVE-2024-37078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37078"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
},
{
"name": "CVE-2024-39469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39469"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2023-52760",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52760"
},
{
"name": "CVE-2024-25741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25741"
},
{
"name": "CVE-2024-36973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36973"
},
{
"name": "CVE-2024-39298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39298"
},
{
"name": "CVE-2024-39371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39371"
},
{
"name": "CVE-2024-39474",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39474"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-39494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39494"
},
{
"name": "CVE-2024-39495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39495"
},
{
"name": "CVE-2024-39496",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39496"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-39500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39500"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"name": "CVE-2024-39503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
},
{
"name": "CVE-2024-39505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39505"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-39507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39507"
},
{
"name": "CVE-2024-39509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39509"
},
{
"name": "CVE-2024-39510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39510"
},
{
"name": "CVE-2024-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40899"
},
{
"name": "CVE-2024-40900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40900"
},
{
"name": "CVE-2024-40901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-40903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40903"
},
{
"name": "CVE-2024-40904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40904"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40906"
},
{
"name": "CVE-2024-40908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40908"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40912"
},
{
"name": "CVE-2024-40913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40913"
},
{
"name": "CVE-2024-40914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40914"
},
{
"name": "CVE-2024-40915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40915"
},
{
"name": "CVE-2024-40916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40916"
},
{
"name": "CVE-2024-40919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40919"
},
{
"name": "CVE-2024-40920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40920"
},
{
"name": "CVE-2024-40921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40921"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-40929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40929"
},
{
"name": "CVE-2024-40931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40931"
},
{
"name": "CVE-2024-40932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40932"
},
{
"name": "CVE-2024-40934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40934"
},
{
"name": "CVE-2024-40935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40935"
},
{
"name": "CVE-2024-40937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40937"
},
{
"name": "CVE-2024-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40938"
},
{
"name": "CVE-2024-40939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40939"
},
{
"name": "CVE-2024-40940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40940"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2024-40942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40942"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-40947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40947"
},
{
"name": "CVE-2024-40948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40948"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-40956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40956"
},
{
"name": "CVE-2024-40957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40957"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2024-40960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
},
{
"name": "CVE-2024-40963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40963"
},
{
"name": "CVE-2024-40966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40966"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-40968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40968"
},
{
"name": "CVE-2024-40970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40970"
},
{
"name": "CVE-2024-40971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40971"
},
{
"name": "CVE-2024-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
},
{
"name": "CVE-2024-40976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40976"
},
{
"name": "CVE-2024-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40977"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2024-40987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40987"
},
{
"name": "CVE-2024-40988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40988"
},
{
"name": "CVE-2024-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
},
{
"name": "CVE-2024-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40990"
},
{
"name": "CVE-2024-40993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40993"
},
{
"name": "CVE-2024-40994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40994"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-40996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40996"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-41001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41001"
},
{
"name": "CVE-2024-41002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41002"
},
{
"name": "CVE-2024-41004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41004"
},
{
"name": "CVE-2024-41005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41005"
},
{
"name": "CVE-2024-41006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41006"
},
{
"name": "CVE-2023-52812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52812"
},
{
"name": "CVE-2024-36914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36914"
},
{
"name": "CVE-2024-39472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
},
{
"name": "CVE-2024-40972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
},
{
"name": "CVE-2024-41017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41017"
},
{
"name": "CVE-2024-41090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41090"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-41048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41048"
},
{
"name": "CVE-2024-41057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41057"
},
{
"name": "CVE-2024-41058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41058"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-41069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41069"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-41071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41071"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-41076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2024-41087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41087"
},
{
"name": "CVE-2024-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41089"
},
{
"name": "CVE-2024-41095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41095"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2024-42093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42093"
},
{
"name": "CVE-2024-42096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41034"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41046"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-41077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41077"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-42102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42102"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42154"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-42110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42110"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2023-52887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52887"
},
{
"name": "CVE-2024-36244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36244"
},
{
"name": "CVE-2024-38632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38632"
},
{
"name": "CVE-2024-41027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41027"
},
{
"name": "CVE-2024-41047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41047"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-41097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41097"
},
{
"name": "CVE-2024-42068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42068"
},
{
"name": "CVE-2024-42076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42076"
},
{
"name": "CVE-2024-42077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42077"
},
{
"name": "CVE-2024-42080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42080"
},
{
"name": "CVE-2024-42084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42084"
},
{
"name": "CVE-2024-42085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42085"
},
{
"name": "CVE-2024-42086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42086"
},
{
"name": "CVE-2024-42087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42087"
},
{
"name": "CVE-2024-42089",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42089"
},
{
"name": "CVE-2024-42090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
},
{
"name": "CVE-2024-42092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42092"
},
{
"name": "CVE-2024-42094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42094"
},
{
"name": "CVE-2024-42095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42095"
},
{
"name": "CVE-2024-42097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42097"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42109"
},
{
"name": "CVE-2024-42130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42130"
},
{
"name": "CVE-2024-42140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42140"
},
{
"name": "CVE-2024-42225",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42225"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-42270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42270"
},
{
"name": "CVE-2023-52889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52889"
},
{
"name": "CVE-2024-41028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41028"
},
{
"name": "CVE-2024-41036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41036"
},
{
"name": "CVE-2024-41038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41038"
},
{
"name": "CVE-2024-41039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41039"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-41050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41050"
},
{
"name": "CVE-2024-41051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41051"
},
{
"name": "CVE-2024-41056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41056"
},
{
"name": "CVE-2024-41062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41062"
},
{
"name": "CVE-2024-41074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41074"
},
{
"name": "CVE-2024-41075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41075"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-41088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41088"
},
{
"name": "CVE-2024-41098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41098"
},
{
"name": "CVE-2024-42073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42073"
},
{
"name": "CVE-2024-42114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42114"
},
{
"name": "CVE-2024-42126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42126"
},
{
"name": "CVE-2024-42136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42136"
},
{
"name": "CVE-2024-42138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42138"
},
{
"name": "CVE-2024-42142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42142"
},
{
"name": "CVE-2024-42147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42147"
},
{
"name": "CVE-2024-42159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42159"
},
{
"name": "CVE-2024-42228",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42228"
},
{
"name": "CVE-2024-42237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
},
{
"name": "CVE-2024-42238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
},
{
"name": "CVE-2024-42245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42245"
},
{
"name": "CVE-2024-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
},
{
"name": "CVE-2024-42250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42250"
},
{
"name": "CVE-2024-42253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42253"
},
{
"name": "CVE-2024-42259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42259"
},
{
"name": "CVE-2024-42268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42268"
},
{
"name": "CVE-2024-42269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42269"
},
{
"name": "CVE-2024-42271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42271"
},
{
"name": "CVE-2024-42274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42274"
},
{
"name": "CVE-2024-42276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42276"
},
{
"name": "CVE-2024-42277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42277"
},
{
"name": "CVE-2024-42280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42280"
},
{
"name": "CVE-2024-42281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42281"
},
{
"name": "CVE-2024-42283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42283"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-42285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42285"
},
{
"name": "CVE-2024-42286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42286"
},
{
"name": "CVE-2024-42287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42287"
},
{
"name": "CVE-2024-42288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42288"
},
{
"name": "CVE-2024-42289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42289"
},
{
"name": "CVE-2024-42290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42290"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-42295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42295"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-42302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42302"
},
{
"name": "CVE-2024-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42309"
},
{
"name": "CVE-2024-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42310"
},
{
"name": "CVE-2024-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42311"
},
{
"name": "CVE-2024-42312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42312"
},
{
"name": "CVE-2024-42313",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42313"
},
{
"name": "CVE-2024-42314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42314"
},
{
"name": "CVE-2024-42316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42316"
},
{
"name": "CVE-2024-42318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42318"
},
{
"name": "CVE-2024-42320",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42320"
},
{
"name": "CVE-2024-42322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
},
{
"name": "CVE-2024-43817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43817"
},
{
"name": "CVE-2024-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43818"
},
{
"name": "CVE-2024-43823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
},
{
"name": "CVE-2024-43829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43829"
},
{
"name": "CVE-2024-43830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
},
{
"name": "CVE-2024-43833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43833"
},
{
"name": "CVE-2024-43834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43834"
},
{
"name": "CVE-2024-43837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43837"
},
{
"name": "CVE-2024-43839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43839"
},
{
"name": "CVE-2024-43841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43841"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2024-43846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43846"
},
{
"name": "CVE-2024-43849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43849"
},
{
"name": "CVE-2024-43851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43851"
},
{
"name": "CVE-2024-43853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43853"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-43855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43855"
},
{
"name": "CVE-2024-43856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43856"
},
{
"name": "CVE-2024-43858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43858"
},
{
"name": "CVE-2024-43860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43860"
},
{
"name": "CVE-2024-43861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43861"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43866"
},
{
"name": "CVE-2024-43867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43867"
},
{
"name": "CVE-2024-43871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43871"
},
{
"name": "CVE-2024-43873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43873"
},
{
"name": "CVE-2024-43875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43875"
},
{
"name": "CVE-2024-43876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43876"
},
{
"name": "CVE-2024-43877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43877"
},
{
"name": "CVE-2024-43879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43879"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-43882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43882"
},
{
"name": "CVE-2024-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43883"
},
{
"name": "CVE-2024-43884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43884"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43893"
},
{
"name": "CVE-2024-43894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43894"
},
{
"name": "CVE-2024-43895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43895"
},
{
"name": "CVE-2024-43897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43897"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-43902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43902"
},
{
"name": "CVE-2024-43904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43904"
},
{
"name": "CVE-2024-43905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43905"
},
{
"name": "CVE-2024-43907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43907"
},
{
"name": "CVE-2024-43908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43908"
},
{
"name": "CVE-2024-43909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43909"
},
{
"name": "CVE-2024-43911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43911"
},
{
"name": "CVE-2024-43912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43912"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-44939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44939"
},
{
"name": "CVE-2024-44947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44947"
},
{
"name": "CVE-2024-42160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42160"
},
{
"name": "CVE-2024-45003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45003"
},
{
"name": "CVE-2024-43835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43835"
},
{
"name": "CVE-2024-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43859"
},
{
"name": "CVE-2024-44940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44940"
},
{
"name": "CVE-2024-44946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44946"
},
{
"name": "CVE-2024-44974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44974"
},
{
"name": "CVE-2024-44977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44977"
},
{
"name": "CVE-2024-44982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44982"
},
{
"name": "CVE-2024-44983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44983"
},
{
"name": "CVE-2024-44985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44985"
},
{
"name": "CVE-2024-44986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44986"
},
{
"name": "CVE-2024-44987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44987"
},
{
"name": "CVE-2024-44988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44988"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2024-44991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44991"
},
{
"name": "CVE-2024-44995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44995"
},
{
"name": "CVE-2024-44998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44998"
},
{
"name": "CVE-2024-44999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44999"
},
{
"name": "CVE-2024-45000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45000"
},
{
"name": "CVE-2024-45002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45002"
},
{
"name": "CVE-2024-45006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45006"
},
{
"name": "CVE-2024-45007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45007"
},
{
"name": "CVE-2024-45008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45008"
},
{
"name": "CVE-2024-45009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45009"
},
{
"name": "CVE-2024-45010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45010"
},
{
"name": "CVE-2024-45011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45011"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-45019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45019"
},
{
"name": "CVE-2024-45021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45021"
},
{
"name": "CVE-2024-45022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45022"
},
{
"name": "CVE-2024-45025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45025"
},
{
"name": "CVE-2024-45026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45026"
},
{
"name": "CVE-2024-45028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45028"
},
{
"name": "CVE-2024-45029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45029"
},
{
"name": "CVE-2024-46673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46673"
},
{
"name": "CVE-2024-46674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46674"
},
{
"name": "CVE-2024-46675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46675"
},
{
"name": "CVE-2024-46676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46676"
},
{
"name": "CVE-2024-46677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46677"
},
{
"name": "CVE-2024-46679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46679"
},
{
"name": "CVE-2024-46685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46685"
},
{
"name": "CVE-2024-46686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46686"
},
{
"name": "CVE-2024-46689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46689"
},
{
"name": "CVE-2024-46694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46694"
},
{
"name": "CVE-2024-46702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46702"
},
{
"name": "CVE-2024-46707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46707"
},
{
"name": "CVE-2024-46711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46711"
},
{
"name": "CVE-2024-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46713"
},
{
"name": "CVE-2024-46714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46714"
},
{
"name": "CVE-2024-46715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46715"
},
{
"name": "CVE-2024-46716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46716"
},
{
"name": "CVE-2024-46717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46717"
},
{
"name": "CVE-2024-46719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46719"
},
{
"name": "CVE-2024-46720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46720"
},
{
"name": "CVE-2024-46721",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46721"
},
{
"name": "CVE-2024-46722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46722"
},
{
"name": "CVE-2024-46723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46723"
},
{
"name": "CVE-2024-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46724"
},
{
"name": "CVE-2024-46725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46725"
},
{
"name": "CVE-2024-46726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46726"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46732"
},
{
"name": "CVE-2024-46734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46734"
},
{
"name": "CVE-2024-46735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46735"
},
{
"name": "CVE-2024-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46737"
},
{
"name": "CVE-2024-46738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46738"
},
{
"name": "CVE-2024-46739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46739"
},
{
"name": "CVE-2024-46740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46740"
},
{
"name": "CVE-2024-46743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46743"
},
{
"name": "CVE-2024-46744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46744"
},
{
"name": "CVE-2024-46745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46745"
},
{
"name": "CVE-2024-46746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46746"
},
{
"name": "CVE-2024-46747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46747"
},
{
"name": "CVE-2024-46750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46750"
},
{
"name": "CVE-2024-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46752"
},
{
"name": "CVE-2024-46755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46755"
},
{
"name": "CVE-2024-46756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46756"
},
{
"name": "CVE-2024-46757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46757"
},
{
"name": "CVE-2024-46758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46758"
},
{
"name": "CVE-2024-46759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46759"
},
{
"name": "CVE-2024-46761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46761"
},
{
"name": "CVE-2024-46763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46763"
},
{
"name": "CVE-2024-46770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46770"
},
{
"name": "CVE-2024-46771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46771"
},
{
"name": "CVE-2024-46773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46773"
},
{
"name": "CVE-2024-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46777"
},
{
"name": "CVE-2024-46780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46780"
},
{
"name": "CVE-2024-46781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46781"
},
{
"name": "CVE-2024-46782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46782"
},
{
"name": "CVE-2024-46783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46783"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-46791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46791"
},
{
"name": "CVE-2024-46794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46794"
},
{
"name": "CVE-2024-46795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46795"
},
{
"name": "CVE-2024-46798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46798"
},
{
"name": "CVE-2024-46800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46800"
},
{
"name": "CVE-2024-46802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46802"
},
{
"name": "CVE-2024-46804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46804"
},
{
"name": "CVE-2024-46805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46805"
},
{
"name": "CVE-2024-46807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46807"
},
{
"name": "CVE-2024-46810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46810"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-46815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46815"
},
{
"name": "CVE-2024-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46817"
},
{
"name": "CVE-2024-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46818"
},
{
"name": "CVE-2024-46819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46819"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-46822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46822"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46828"
},
{
"name": "CVE-2024-46829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46829"
},
{
"name": "CVE-2024-46830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46830"
},
{
"name": "CVE-2024-46832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46832"
},
{
"name": "CVE-2024-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46835"
},
{
"name": "CVE-2024-46836",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46836"
},
{
"name": "CVE-2024-46840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46840"
},
{
"name": "CVE-2024-46844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46844"
},
{
"name": "CVE-2024-46846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46846"
},
{
"name": "CVE-2024-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46848"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46852"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-46855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46855"
},
{
"name": "CVE-2024-46857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46857"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-46859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46859"
},
{
"name": "CVE-2024-46865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46865"
},
{
"name": "CVE-2024-42272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42272"
},
{
"name": "CVE-2024-42297",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42297"
},
{
"name": "CVE-2024-44968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44968"
},
{
"name": "CVE-2024-42265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42265"
},
{
"name": "CVE-2024-42304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42304"
},
{
"name": "CVE-2024-42305",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42305"
},
{
"name": "CVE-2024-42306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42306"
},
{
"name": "CVE-2024-43828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43828"
},
{
"name": "CVE-2024-43832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43832"
},
{
"name": "CVE-2024-43870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43870"
},
{
"name": "CVE-2024-43890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43890"
},
{
"name": "CVE-2024-43914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43914"
},
{
"name": "CVE-2024-44935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44935"
},
{
"name": "CVE-2024-44944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44944"
},
{
"name": "CVE-2024-44948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44948"
},
{
"name": "CVE-2024-44954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44954"
},
{
"name": "CVE-2024-44960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44960"
},
{
"name": "CVE-2024-44965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44965"
},
{
"name": "CVE-2024-44967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44967"
},
{
"name": "CVE-2024-44969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44969"
},
{
"name": "CVE-2024-44970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44970"
},
{
"name": "CVE-2024-44971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44971"
},
{
"name": "CVE-2024-46695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
},
{
"name": "CVE-2024-46710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46710"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2023-52918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52918"
},
{
"name": "CVE-2024-41019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41019"
},
{
"name": "CVE-2024-41030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41030"
},
{
"name": "CVE-2024-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42063"
},
{
"name": "CVE-2024-42103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42103"
},
{
"name": "CVE-2024-47659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47659"
},
{
"name": "CVE-2024-47663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47663"
},
{
"name": "CVE-2024-47667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47667"
},
{
"name": "CVE-2024-47669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47669"
},
{
"name": "CVE-2024-42258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42258"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-42267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42267"
},
{
"name": "CVE-2024-42296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42296"
},
{
"name": "CVE-2024-42299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42299"
},
{
"name": "CVE-2024-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43869"
},
{
"name": "CVE-2024-44934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44934"
},
{
"name": "CVE-2024-44958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44958"
},
{
"name": "CVE-2024-44966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44966"
},
{
"name": "CVE-2024-47660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47660"
},
{
"name": "CVE-2024-47665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47665"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49967"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-43868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43868"
},
{
"name": "CVE-2024-44949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44949"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50215"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50235"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50243"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50250"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-50255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50255"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50261"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50271"
},
{
"name": "CVE-2024-50272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50272"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50276"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50284"
},
{
"name": "CVE-2024-50286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50286"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53043"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53070"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53081"
},
{
"name": "CVE-2024-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53082"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53093"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-42273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42273"
},
{
"name": "CVE-2024-42307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42307"
},
{
"name": "CVE-2024-42321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42321"
},
{
"name": "CVE-2024-47683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47683"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50003"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50108"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50138"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50145"
},
{
"name": "CVE-2024-50147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50147"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50155"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53100"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53106"
},
{
"name": "CVE-2024-53110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53110"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2023-45896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45896"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49854"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50133"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0002",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-03T00:00:00.000000"
},
{
"description": "Changement r\u00e9f\u00e9rence ",
"revision_date": "2025-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2025-01-05",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4008-1",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
]
}
CERTFR-2025-AVI-0276
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-21400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21400"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2021-47101",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47101"
},
{
"name": "CVE-2024-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26718"
},
{
"name": "CVE-2021-47119",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47119"
},
{
"name": "CVE-2021-47001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47001"
},
{
"name": "CVE-2021-47219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47219"
},
{
"name": "CVE-2024-23848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23848"
},
{
"name": "CVE-2021-47469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47469"
},
{
"name": "CVE-2021-47483",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47483"
},
{
"name": "CVE-2023-52821",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52821"
},
{
"name": "CVE-2024-26928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26928"
},
{
"name": "CVE-2024-35864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35864"
},
{
"name": "CVE-2024-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35887"
},
{
"name": "CVE-2024-35963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35963"
},
{
"name": "CVE-2024-35965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35965"
},
{
"name": "CVE-2024-35966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35966"
},
{
"name": "CVE-2024-35967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35967"
},
{
"name": "CVE-2024-36952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36952"
},
{
"name": "CVE-2024-35896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-38597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38597"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-38588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38588"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-40965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40965"
},
{
"name": "CVE-2023-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52913"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42291",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42291"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43863"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-43900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43900"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44938"
},
{
"name": "CVE-2024-46731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46731"
},
{
"name": "CVE-2024-46784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46784"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-46871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46871"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47673"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47675"
},
{
"name": "CVE-2024-47681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47681"
},
{
"name": "CVE-2024-47682",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47682"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47686"
},
{
"name": "CVE-2024-47687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47687"
},
{
"name": "CVE-2024-47688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47688"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47693"
},
{
"name": "CVE-2024-47695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47695"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47702"
},
{
"name": "CVE-2024-47704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47704"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47714",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47714"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47719"
},
{
"name": "CVE-2024-47720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47720"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47727"
},
{
"name": "CVE-2024-47728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47728"
},
{
"name": "CVE-2024-47730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47730"
},
{
"name": "CVE-2024-47731",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47731"
},
{
"name": "CVE-2024-47732",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47732"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47738",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47738"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47741"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47743"
},
{
"name": "CVE-2024-47744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47744"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47747"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47750"
},
{
"name": "CVE-2024-47751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47751"
},
{
"name": "CVE-2024-47752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47752"
},
{
"name": "CVE-2024-47753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47753"
},
{
"name": "CVE-2024-47754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47754"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49850"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49852"
},
{
"name": "CVE-2024-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49853"
},
{
"name": "CVE-2024-49855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49855"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49862"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49864"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49870"
},
{
"name": "CVE-2024-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49871"
},
{
"name": "CVE-2024-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49874"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49886"
},
{
"name": "CVE-2024-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49888"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49901"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49912"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49914"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49918"
},
{
"name": "CVE-2024-49919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49919"
},
{
"name": "CVE-2024-49920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49920"
},
{
"name": "CVE-2024-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49922"
},
{
"name": "CVE-2024-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49923"
},
{
"name": "CVE-2024-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49928"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49931"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49935"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49937"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49946"
},
{
"name": "CVE-2024-49947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49947"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49953"
},
{
"name": "CVE-2024-49954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49954"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49960"
},
{
"name": "CVE-2024-49961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49961"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49972"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49986"
},
{
"name": "CVE-2024-49991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49991"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50000"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50002"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50017"
},
{
"name": "CVE-2024-50019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50019"
},
{
"name": "CVE-2024-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50020"
},
{
"name": "CVE-2024-50021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50021"
},
{
"name": "CVE-2024-50022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50022"
},
{
"name": "CVE-2024-50023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50023"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50025"
},
{
"name": "CVE-2024-50027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50027"
},
{
"name": "CVE-2024-50028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50028"
},
{
"name": "CVE-2024-50031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50031"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50041"
},
{
"name": "CVE-2024-50042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50042"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50048"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50060"
},
{
"name": "CVE-2024-50061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50061"
},
{
"name": "CVE-2024-50062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50062"
},
{
"name": "CVE-2024-50063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50063"
},
{
"name": "CVE-2024-50064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50064"
},
{
"name": "CVE-2024-50069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50069"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50075"
},
{
"name": "CVE-2024-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50076"
},
{
"name": "CVE-2024-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50077"
},
{
"name": "CVE-2024-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50078"
},
{
"name": "CVE-2024-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50080"
},
{
"name": "CVE-2024-50012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50012"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50232"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50242",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50242"
},
{
"name": "CVE-2024-50244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50244"
},
{
"name": "CVE-2024-50245",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50245"
},
{
"name": "CVE-2024-50247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50247"
},
{
"name": "CVE-2024-50249",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50249"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50257"
},
{
"name": "CVE-2024-50259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50259"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50283"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53058"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-53088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-49945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49945"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47690"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47734",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47734"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49856"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49893"
},
{
"name": "CVE-2024-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49905"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49921"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49927"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-49997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49997"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50093"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50186"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-50189",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50189"
},
{
"name": "CVE-2024-50191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50191"
},
{
"name": "CVE-2024-47703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47703"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2024-49976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49976"
},
{
"name": "CVE-2024-49987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49987"
},
{
"name": "CVE-2024-49989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49989"
},
{
"name": "CVE-2024-50009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50009"
},
{
"name": "CVE-2024-50026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50026"
},
{
"name": "CVE-2024-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50084"
},
{
"name": "CVE-2024-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50087"
},
{
"name": "CVE-2024-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50088"
},
{
"name": "CVE-2024-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50098"
},
{
"name": "CVE-2024-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50101"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50141"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50156"
},
{
"name": "CVE-2024-50160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50160"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50175"
},
{
"name": "CVE-2024-50176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50176"
},
{
"name": "CVE-2024-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50182"
},
{
"name": "CVE-2024-50183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50183"
},
{
"name": "CVE-2024-50187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50187"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50196"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50200"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-49859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49859"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-49992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49992"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50086"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-50168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50168"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2024-50016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50016"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-56582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56582"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-57925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
},
{
"name": "CVE-2024-57939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-47677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47677"
},
{
"name": "CVE-2024-47689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47689"
},
{
"name": "CVE-2024-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
},
{
"name": "CVE-2024-47700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47700"
},
{
"name": "CVE-2024-47711",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47711"
},
{
"name": "CVE-2024-47716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47716"
},
{
"name": "CVE-2024-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47726"
},
{
"name": "CVE-2024-47733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47733"
},
{
"name": "CVE-2024-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49865"
},
{
"name": "CVE-2024-49876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49876"
},
{
"name": "CVE-2024-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49880"
},
{
"name": "CVE-2024-49885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49885"
},
{
"name": "CVE-2024-49926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49926"
},
{
"name": "CVE-2024-49942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49942"
},
{
"name": "CVE-2024-49980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49980"
},
{
"name": "CVE-2024-49988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49988"
},
{
"name": "CVE-2024-49999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49999"
},
{
"name": "CVE-2024-50005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50005"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50030"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50057"
},
{
"name": "CVE-2024-50065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50065"
},
{
"name": "CVE-2024-50066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50066"
},
{
"name": "CVE-2024-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50068"
},
{
"name": "CVE-2024-50070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50070"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-50197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50197"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2025-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0927"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2024-56626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
},
{
"name": "CVE-2024-56627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2024-57841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2024-57901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
},
{
"name": "CVE-2024-57902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
},
{
"name": "CVE-2024-58087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58087"
},
{
"name": "CVE-2021-47122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47122"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0276",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7402-1",
"url": "https://ubuntu.com/security/notices/USN-7402-1"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-1",
"url": "https://ubuntu.com/security/notices/USN-7406-1"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7401-1",
"url": "https://ubuntu.com/security/notices/USN-7401-1"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7389-1",
"url": "https://ubuntu.com/security/notices/USN-7389-1"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7408-2",
"url": "https://ubuntu.com/security/notices/USN-7408-2"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-2",
"url": "https://ubuntu.com/security/notices/USN-7406-2"
},
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7415-1",
"url": "https://ubuntu.com/security/notices/USN-7415-1"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7402-2",
"url": "https://ubuntu.com/security/notices/USN-7402-2"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7387-3",
"url": "https://ubuntu.com/security/notices/USN-7387-3"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7407-1",
"url": "https://ubuntu.com/security/notices/USN-7407-1"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7408-1",
"url": "https://ubuntu.com/security/notices/USN-7408-1"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7391-1",
"url": "https://ubuntu.com/security/notices/USN-7391-1"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7387-2",
"url": "https://ubuntu.com/security/notices/USN-7387-2"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7392-1",
"url": "https://ubuntu.com/security/notices/USN-7392-1"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7403-1",
"url": "https://ubuntu.com/security/notices/USN-7403-1"
},
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7413-1",
"url": "https://ubuntu.com/security/notices/USN-7413-1"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-3",
"url": "https://ubuntu.com/security/notices/USN-7406-3"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7390-1",
"url": "https://ubuntu.com/security/notices/USN-7390-1"
},
{
"published_at": "2025-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7387-1",
"url": "https://ubuntu.com/security/notices/USN-7387-1"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7393-1",
"url": "https://ubuntu.com/security/notices/USN-7393-1"
},
{
"published_at": "2025-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7388-1",
"url": "https://ubuntu.com/security/notices/USN-7388-1"
},
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7406-4",
"url": "https://ubuntu.com/security/notices/USN-7406-4"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7392-2",
"url": "https://ubuntu.com/security/notices/USN-7392-2"
}
]
}
CERTFR-2025-AVI-0133
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Manager Proxy 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | Basesystem Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | Public Cloud Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | N/A | openSUSE Leap 15.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | Legacy Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | N/A | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | Development Tools Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2024-26810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2024-35863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35863"
},
{
"name": "CVE-2022-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48912"
},
{
"name": "CVE-2022-48923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48923"
},
{
"name": "CVE-2024-45016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45016"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-43913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43913"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-49978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49978"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56571"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2023-52923",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52923"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-39282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39282"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-46896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46896"
},
{
"name": "CVE-2024-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47141"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2024-48873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48873"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49569"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53091"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53185"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53232"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53236"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-54680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54680"
},
{
"name": "CVE-2024-55639",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55639"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56372"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2024-56543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56543"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56573"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56577"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56607"
},
{
"name": "CVE-2024-56609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56609"
},
{
"name": "CVE-2024-56611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56611"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56617"
},
{
"name": "CVE-2024-56620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56620"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56632"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56635"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56649",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56649"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56654"
},
{
"name": "CVE-2024-56656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56656"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56660"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56675"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
},
{
"name": "CVE-2024-56712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56712"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56729"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56760"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56766"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56775"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57793"
},
{
"name": "CVE-2024-57795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57795"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57801"
},
{
"name": "CVE-2024-57804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57804"
},
{
"name": "CVE-2024-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57809"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57857"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57887"
},
{
"name": "CVE-2024-57888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57915"
},
{
"name": "CVE-2024-57916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57916"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57926"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57932"
},
{
"name": "CVE-2024-57933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57933"
},
{
"name": "CVE-2024-57935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57935"
},
{
"name": "CVE-2024-57936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57936"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21632",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21632"
},
{
"name": "CVE-2025-21645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21645"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2025-21649",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21649"
},
{
"name": "CVE-2025-21650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21650"
},
{
"name": "CVE-2025-21651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21651"
},
{
"name": "CVE-2025-21656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21656"
},
{
"name": "CVE-2025-21662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21662"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-53187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53187"
},
{
"name": "CVE-2024-53203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53203"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56665"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21652",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21652"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21655",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21655"
},
{
"name": "CVE-2025-21663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21663"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-21674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21674"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0133",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0414-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250414-1"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0426-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250426-1"
},
{
"published_at": "2025-02-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0517-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250517-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0494-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250494-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0486-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250486-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0455-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250455-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0462-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250462-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0452-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250452-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0487-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250487-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0449-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250449-1"
},
{
"published_at": "2025-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0428-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250428-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0489-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250489-1"
},
{
"published_at": "2025-02-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0499-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250499-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0465-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250465-1"
},
{
"published_at": "2025-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0476-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250476-1"
},
{
"published_at": "2025-02-09",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0410-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250410-1"
},
{
"published_at": "2025-02-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0440-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250440-1"
}
]
}
CERTFR-2025-AVI-0184
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 6.1.128-1~deb11u1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 5.10.234-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
},
{
"name": "CVE-2023-52530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
},
{
"name": "CVE-2024-27072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27072"
},
{
"name": "CVE-2021-47469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47469"
},
{
"name": "CVE-2024-26921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26921"
},
{
"name": "CVE-2024-35870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35870"
},
{
"name": "CVE-2024-35965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35965"
},
{
"name": "CVE-2024-35966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35966"
},
{
"name": "CVE-2024-35956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35956"
},
{
"name": "CVE-2024-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36479"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-37021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37021"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-38591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38591"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-38588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38588"
},
{
"name": "CVE-2024-38538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38538"
},
{
"name": "CVE-2024-41014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41014"
},
{
"name": "CVE-2024-39497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39497"
},
{
"name": "CVE-2024-41016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41016"
},
{
"name": "CVE-2024-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41060"
},
{
"name": "CVE-2024-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41080"
},
{
"name": "CVE-2024-42315",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42315"
},
{
"name": "CVE-2024-42319",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42319"
},
{
"name": "CVE-2024-44931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44931"
},
{
"name": "CVE-2024-44940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44940"
},
{
"name": "CVE-2024-46849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46849"
},
{
"name": "CVE-2024-46853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46853"
},
{
"name": "CVE-2024-46854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46854"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2024-46865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46865"
},
{
"name": "CVE-2023-52916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52916"
},
{
"name": "CVE-2024-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42252"
},
{
"name": "CVE-2024-44950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44950"
},
{
"name": "CVE-2024-46695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2024-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46809"
},
{
"name": "CVE-2024-46841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46841"
},
{
"name": "CVE-2024-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47670"
},
{
"name": "CVE-2024-47671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47671"
},
{
"name": "CVE-2024-47672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47672"
},
{
"name": "CVE-2024-47674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47674"
},
{
"name": "CVE-2024-47684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47684"
},
{
"name": "CVE-2024-47685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47685"
},
{
"name": "CVE-2024-47692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47692"
},
{
"name": "CVE-2024-47696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47696"
},
{
"name": "CVE-2024-47697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47697"
},
{
"name": "CVE-2024-47698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47698"
},
{
"name": "CVE-2024-47699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47699"
},
{
"name": "CVE-2024-47705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47705"
},
{
"name": "CVE-2024-47706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47706"
},
{
"name": "CVE-2024-47707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47707"
},
{
"name": "CVE-2024-47709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47709"
},
{
"name": "CVE-2024-47710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47710"
},
{
"name": "CVE-2024-47712",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47712"
},
{
"name": "CVE-2024-47713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47713"
},
{
"name": "CVE-2024-47718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47718"
},
{
"name": "CVE-2024-47723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47723"
},
{
"name": "CVE-2024-47735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47735"
},
{
"name": "CVE-2024-47737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47737"
},
{
"name": "CVE-2024-47739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47739"
},
{
"name": "CVE-2024-47742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47742"
},
{
"name": "CVE-2024-47745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47745"
},
{
"name": "CVE-2024-47748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47748"
},
{
"name": "CVE-2024-47749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47749"
},
{
"name": "CVE-2024-47756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47756"
},
{
"name": "CVE-2024-47757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47757"
},
{
"name": "CVE-2024-49851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49851"
},
{
"name": "CVE-2024-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49858"
},
{
"name": "CVE-2024-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49860"
},
{
"name": "CVE-2024-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49861"
},
{
"name": "CVE-2024-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49863"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2024-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49877"
},
{
"name": "CVE-2024-49878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49878"
},
{
"name": "CVE-2024-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49879"
},
{
"name": "CVE-2024-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49881"
},
{
"name": "CVE-2024-49882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49882"
},
{
"name": "CVE-2024-49883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49883"
},
{
"name": "CVE-2024-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49890"
},
{
"name": "CVE-2024-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49891"
},
{
"name": "CVE-2024-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49892"
},
{
"name": "CVE-2024-49894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49894"
},
{
"name": "CVE-2024-49895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49895"
},
{
"name": "CVE-2024-49896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49896"
},
{
"name": "CVE-2024-49897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49897"
},
{
"name": "CVE-2024-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49898"
},
{
"name": "CVE-2024-49899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49899"
},
{
"name": "CVE-2024-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49900"
},
{
"name": "CVE-2024-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49902"
},
{
"name": "CVE-2024-49903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49903"
},
{
"name": "CVE-2024-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49907"
},
{
"name": "CVE-2024-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49909"
},
{
"name": "CVE-2024-49911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49911"
},
{
"name": "CVE-2024-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49913"
},
{
"name": "CVE-2024-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49917"
},
{
"name": "CVE-2024-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49929"
},
{
"name": "CVE-2024-49930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49930"
},
{
"name": "CVE-2024-49933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49933"
},
{
"name": "CVE-2024-49936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49936"
},
{
"name": "CVE-2024-49938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49938"
},
{
"name": "CVE-2024-49939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49939"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2024-49955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49955"
},
{
"name": "CVE-2024-49957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49957"
},
{
"name": "CVE-2024-49958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49958"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2024-49962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49962"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49965"
},
{
"name": "CVE-2024-49966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49966"
},
{
"name": "CVE-2024-49969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49969"
},
{
"name": "CVE-2024-49973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49973"
},
{
"name": "CVE-2024-49974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49974"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-49981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49981"
},
{
"name": "CVE-2024-49982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49982"
},
{
"name": "CVE-2024-49985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49985"
},
{
"name": "CVE-2024-49995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49995"
},
{
"name": "CVE-2024-49996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49996"
},
{
"name": "CVE-2024-50001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50001"
},
{
"name": "CVE-2024-50006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50006"
},
{
"name": "CVE-2024-50007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50007"
},
{
"name": "CVE-2024-50008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50008"
},
{
"name": "CVE-2024-50013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50013"
},
{
"name": "CVE-2024-50014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50014"
},
{
"name": "CVE-2024-50015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50015"
},
{
"name": "CVE-2024-50024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50024"
},
{
"name": "CVE-2024-50033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50033"
},
{
"name": "CVE-2024-50035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50035"
},
{
"name": "CVE-2024-50040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50040"
},
{
"name": "CVE-2024-50044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50044"
},
{
"name": "CVE-2024-50045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50045"
},
{
"name": "CVE-2024-50046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50046"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2024-50049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50049"
},
{
"name": "CVE-2024-50055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50055"
},
{
"name": "CVE-2024-50058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50058"
},
{
"name": "CVE-2024-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50059"
},
{
"name": "CVE-2024-50074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50074"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50072"
},
{
"name": "CVE-2024-50218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50218"
},
{
"name": "CVE-2024-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50229"
},
{
"name": "CVE-2024-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50230"
},
{
"name": "CVE-2024-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50233"
},
{
"name": "CVE-2024-50234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50234"
},
{
"name": "CVE-2024-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50236"
},
{
"name": "CVE-2024-50237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50237"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2024-50265",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50265"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-50269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50269"
},
{
"name": "CVE-2024-50273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50273"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-50287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50287"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50292"
},
{
"name": "CVE-2024-50295",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50295"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53042"
},
{
"name": "CVE-2024-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53052"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53059"
},
{
"name": "CVE-2024-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53060"
},
{
"name": "CVE-2024-53061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53061"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53066"
},
{
"name": "CVE-2024-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49925"
},
{
"name": "CVE-2024-50208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50208"
},
{
"name": "CVE-2024-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
},
{
"name": "CVE-2024-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-50192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2024-53240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53240"
},
{
"name": "CVE-2024-47679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47679"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-47740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47740"
},
{
"name": "CVE-2024-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49868"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49889"
},
{
"name": "CVE-2024-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49915"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49948"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-49983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49983"
},
{
"name": "CVE-2024-50039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50039"
},
{
"name": "CVE-2024-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50095"
},
{
"name": "CVE-2024-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50096"
},
{
"name": "CVE-2024-50179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50179"
},
{
"name": "CVE-2024-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50180"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2024-50184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50184"
},
{
"name": "CVE-2024-50188",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50188"
},
{
"name": "CVE-2024-27407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27407"
},
{
"name": "CVE-2024-49934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49934"
},
{
"name": "CVE-2024-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50103"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50116"
},
{
"name": "CVE-2024-50117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50117"
},
{
"name": "CVE-2024-50121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50121"
},
{
"name": "CVE-2024-50127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50127"
},
{
"name": "CVE-2024-50131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50131"
},
{
"name": "CVE-2024-50134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50134"
},
{
"name": "CVE-2024-50146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50146"
},
{
"name": "CVE-2024-50148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50148"
},
{
"name": "CVE-2024-50150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50150"
},
{
"name": "CVE-2024-50153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50153"
},
{
"name": "CVE-2024-50167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50167"
},
{
"name": "CVE-2024-50171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50171"
},
{
"name": "CVE-2024-50194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50194"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50198"
},
{
"name": "CVE-2024-50201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50201"
},
{
"name": "CVE-2024-50205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50205"
},
{
"name": "CVE-2024-50209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50209"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-50248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50248"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53096"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50010"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50193"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53097"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53136"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53099"
},
{
"name": "CVE-2024-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53105"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53154"
},
{
"name": "CVE-2024-53155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53155"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53180"
},
{
"name": "CVE-2024-53190",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53190"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53207"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2024-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53237"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56551"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56576"
},
{
"name": "CVE-2024-56582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56582"
},
{
"name": "CVE-2024-56599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56599"
},
{
"name": "CVE-2024-56604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-36476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36476"
},
{
"name": "CVE-2024-39282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39282"
},
{
"name": "CVE-2024-45828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45828"
},
{
"name": "CVE-2024-46896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46896"
},
{
"name": "CVE-2024-47143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47143"
},
{
"name": "CVE-2024-48881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48881"
},
{
"name": "CVE-2024-49951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49951"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-52332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52332"
},
{
"name": "CVE-2024-53170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53170"
},
{
"name": "CVE-2024-53172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53172"
},
{
"name": "CVE-2024-53175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53175"
},
{
"name": "CVE-2024-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53194"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2024-53198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53198"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53230"
},
{
"name": "CVE-2024-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53231"
},
{
"name": "CVE-2024-53233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53233"
},
{
"name": "CVE-2024-53685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53685"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-55881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55881"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56369",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56369"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56546"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56569"
},
{
"name": "CVE-2024-56572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56572"
},
{
"name": "CVE-2024-56574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56574"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-56578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56578"
},
{
"name": "CVE-2024-56584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56584"
},
{
"name": "CVE-2024-56587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56587"
},
{
"name": "CVE-2024-56589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56589"
},
{
"name": "CVE-2024-56590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56590"
},
{
"name": "CVE-2024-56593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56593"
},
{
"name": "CVE-2024-56594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56594"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56603"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2024-56614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56614"
},
{
"name": "CVE-2024-56615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56615"
},
{
"name": "CVE-2024-56616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56616"
},
{
"name": "CVE-2024-56622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56622"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56625",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56625"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56630"
},
{
"name": "CVE-2024-56634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56634"
},
{
"name": "CVE-2024-56636",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56636"
},
{
"name": "CVE-2024-56637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56637"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56643"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56651"
},
{
"name": "CVE-2024-56659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56659"
},
{
"name": "CVE-2024-56660",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56660"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-56662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56662"
},
{
"name": "CVE-2024-56663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56663"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2024-56670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56670"
},
{
"name": "CVE-2024-56672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56672"
},
{
"name": "CVE-2024-56675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56675"
},
{
"name": "CVE-2024-56677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56677"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56683"
},
{
"name": "CVE-2024-56687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56687"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56690"
},
{
"name": "CVE-2024-56691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56691"
},
{
"name": "CVE-2024-56694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56694"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56700"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56708"
},
{
"name": "CVE-2024-56709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
},
{
"name": "CVE-2024-56716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56716"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56723",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56723"
},
{
"name": "CVE-2024-56724",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56724"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56741"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56746",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56746"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56748"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56766"
},
{
"name": "CVE-2024-56767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56767"
},
{
"name": "CVE-2024-56769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56769"
},
{
"name": "CVE-2024-56774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56774"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-56780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56780"
},
{
"name": "CVE-2024-56787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56787"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57838"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57874"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57887"
},
{
"name": "CVE-2024-57890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57890"
},
{
"name": "CVE-2024-57892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57892"
},
{
"name": "CVE-2024-57893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-57903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57903"
},
{
"name": "CVE-2024-57904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57904"
},
{
"name": "CVE-2024-57906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57906"
},
{
"name": "CVE-2024-57907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57907"
},
{
"name": "CVE-2024-57908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57908"
},
{
"name": "CVE-2024-57910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57910"
},
{
"name": "CVE-2024-57911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57911"
},
{
"name": "CVE-2024-57912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57912"
},
{
"name": "CVE-2024-57913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57913"
},
{
"name": "CVE-2024-57916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57916"
},
{
"name": "CVE-2024-57922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57922"
},
{
"name": "CVE-2024-57929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57929"
},
{
"name": "CVE-2024-57940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57940"
},
{
"name": "CVE-2025-21646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21646"
},
{
"name": "CVE-2025-21662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21662"
},
{
"name": "CVE-2024-50258",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50258"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56608"
},
{
"name": "CVE-2024-56610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56610"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-56665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56665"
},
{
"name": "CVE-2024-56679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56679"
},
{
"name": "CVE-2024-56693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56693"
},
{
"name": "CVE-2024-56707",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56707"
},
{
"name": "CVE-2024-56715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56715"
},
{
"name": "CVE-2024-56725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56725"
},
{
"name": "CVE-2024-56726",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56726"
},
{
"name": "CVE-2024-56727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56727"
},
{
"name": "CVE-2024-56728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56728"
},
{
"name": "CVE-2024-56763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56763"
},
{
"name": "CVE-2024-57802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57802"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2024-57884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57884"
},
{
"name": "CVE-2024-57917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57917"
},
{
"name": "CVE-2024-57931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57931"
},
{
"name": "CVE-2024-57938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57938"
},
{
"name": "CVE-2024-57946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57946"
},
{
"name": "CVE-2025-21653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21653"
},
{
"name": "CVE-2025-21655",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21655"
},
{
"name": "CVE-2025-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21664"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2025-21678",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21678"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50164"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53128"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2024-57925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57925"
},
{
"name": "CVE-2024-57939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57939"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21631"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21647"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21660",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21660"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-21671",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21671"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2022-49034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49034"
},
{
"name": "CVE-2024-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53145"
},
{
"name": "CVE-2024-53165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53165"
},
{
"name": "CVE-2024-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53181"
},
{
"name": "CVE-2024-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53183"
},
{
"name": "CVE-2024-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53184"
},
{
"name": "CVE-2024-53220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53220"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2024-56579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56579"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21688"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2023-52926",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52926"
},
{
"name": "CVE-2024-43098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43098"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-54031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54031"
},
{
"name": "CVE-2024-56581",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56581"
},
{
"name": "CVE-2024-56585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56585"
},
{
"name": "CVE-2024-56586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56586"
},
{
"name": "CVE-2024-56626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56626"
},
{
"name": "CVE-2024-56627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56627"
},
{
"name": "CVE-2024-56628",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56628"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56717"
},
{
"name": "CVE-2024-56718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56718"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-56781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56781"
},
{
"name": "CVE-2024-56783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56783"
},
{
"name": "CVE-2024-56785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56785"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2024-57841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57841"
},
{
"name": "CVE-2024-57894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57894"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2024-57901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57901"
},
{
"name": "CVE-2024-57902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57902"
},
{
"name": "CVE-2024-57930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57930"
},
{
"name": "CVE-2024-57949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57949"
},
{
"name": "CVE-2024-57951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57951"
},
{
"name": "CVE-2025-21629",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21629"
},
{
"name": "CVE-2025-21694",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21694"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0184",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2025-03-01",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4075-1",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"published_at": "2025-03-01",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4076-1",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
]
}
CERTFR-2025-AVI-0212
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Manager Proxy 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | N/A | Public Cloud Module 15-SP6 | ||
| SUSE | N/A | Development Tools Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | N/A | SUSE Manager Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security | ||
| SUSE | N/A | Basesystem Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS | ||
| SUSE | N/A | SUSE Manager Proxy 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP6 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 LTSS | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | N/A | Legacy Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP5 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | N/A | openSUSE Leap 15.4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-37159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37159"
},
{
"name": "CVE-2022-2991",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2991"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-33951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33951"
},
{
"name": "CVE-2023-33952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33952"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2024-24860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24860"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-26810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
},
{
"name": "CVE-2023-52572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52572"
},
{
"name": "CVE-2021-47202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47202"
},
{
"name": "CVE-2024-26931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26931"
},
{
"name": "CVE-2024-27388",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27388"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2024-27054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27054"
},
{
"name": "CVE-2022-48650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48650"
},
{
"name": "CVE-2023-52646",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52646"
},
{
"name": "CVE-2024-26929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
},
{
"name": "CVE-2023-52653",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52653"
},
{
"name": "CVE-2022-48636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48636"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2023-52853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52853"
},
{
"name": "CVE-2024-26758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
},
{
"name": "CVE-2024-26943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26943"
},
{
"name": "CVE-2024-36898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36898"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-26886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26886"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-26708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26708"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-41047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41047"
},
{
"name": "CVE-2024-44974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44974"
},
{
"name": "CVE-2024-45009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45009"
},
{
"name": "CVE-2024-45010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45010"
},
{
"name": "CVE-2024-45019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45019"
},
{
"name": "CVE-2024-46858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46858"
},
{
"name": "CVE-2022-48664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48664"
},
{
"name": "CVE-2022-48953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48953"
},
{
"name": "CVE-2022-48975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48975"
},
{
"name": "CVE-2022-49006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49006"
},
{
"name": "CVE-2024-44934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44934"
},
{
"name": "CVE-2024-49867",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49867"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2024-49963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49963"
},
{
"name": "CVE-2024-49975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49975"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2024-50036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50036"
},
{
"name": "CVE-2024-50067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
},
{
"name": "CVE-2024-50251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50251"
},
{
"name": "CVE-2024-50256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
},
{
"name": "CVE-2024-50262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50262"
},
{
"name": "CVE-2024-50278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50278"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2024-50280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50280"
},
{
"name": "CVE-2024-50296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50296"
},
{
"name": "CVE-2024-50299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50299"
},
{
"name": "CVE-2024-53055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53055"
},
{
"name": "CVE-2024-53072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53072"
},
{
"name": "CVE-2024-50142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2024-53240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53240"
},
{
"name": "CVE-2024-47666",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47666"
},
{
"name": "CVE-2024-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47701"
},
{
"name": "CVE-2024-49884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49884"
},
{
"name": "CVE-2024-49944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49944"
},
{
"name": "CVE-2024-49952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49952"
},
{
"name": "CVE-2024-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50181"
},
{
"name": "CVE-2023-52920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52920"
},
{
"name": "CVE-2024-50115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50115"
},
{
"name": "CVE-2024-50128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50128"
},
{
"name": "CVE-2024-50136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50136"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2024-50166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50166"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-50210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50210"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2024-53056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53056"
},
{
"name": "CVE-2024-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53095"
},
{
"name": "CVE-2024-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53101"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2024-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53112"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53121"
},
{
"name": "CVE-2024-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53138"
},
{
"name": "CVE-2024-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53142"
},
{
"name": "CVE-2024-47678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47678"
},
{
"name": "CVE-2024-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50085"
},
{
"name": "CVE-2024-50143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50143"
},
{
"name": "CVE-2024-50151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50151"
},
{
"name": "CVE-2024-50185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50185"
},
{
"name": "CVE-2024-50199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50199"
},
{
"name": "CVE-2024-50202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50202"
},
{
"name": "CVE-2024-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53103"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53119"
},
{
"name": "CVE-2024-53120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53120"
},
{
"name": "CVE-2024-53122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
},
{
"name": "CVE-2024-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53123"
},
{
"name": "CVE-2024-53127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53127"
},
{
"name": "CVE-2024-53129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53129"
},
{
"name": "CVE-2024-53130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53130"
},
{
"name": "CVE-2024-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53131"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2024-50018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50018"
},
{
"name": "CVE-2024-50211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50211"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2024-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
},
{
"name": "CVE-2024-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53125"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53146"
},
{
"name": "CVE-2024-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53148"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2024-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53151"
},
{
"name": "CVE-2024-53156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53156"
},
{
"name": "CVE-2024-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53157"
},
{
"name": "CVE-2024-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53158"
},
{
"name": "CVE-2024-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53161"
},
{
"name": "CVE-2024-53162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53162"
},
{
"name": "CVE-2024-53166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53166"
},
{
"name": "CVE-2024-53169",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53169"
},
{
"name": "CVE-2024-53171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53171"
},
{
"name": "CVE-2024-53173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53173"
},
{
"name": "CVE-2024-53174",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53174"
},
{
"name": "CVE-2024-53179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53179"
},
{
"name": "CVE-2024-53206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53206"
},
{
"name": "CVE-2024-53208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53208"
},
{
"name": "CVE-2024-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53209"
},
{
"name": "CVE-2024-53210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53210"
},
{
"name": "CVE-2024-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53213"
},
{
"name": "CVE-2024-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53214"
},
{
"name": "CVE-2024-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53215"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2024-53224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53224"
},
{
"name": "CVE-2024-53229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53229"
},
{
"name": "CVE-2024-56539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56539"
},
{
"name": "CVE-2024-56549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56549"
},
{
"name": "CVE-2024-56562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56562"
},
{
"name": "CVE-2024-56567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56567"
},
{
"name": "CVE-2024-56604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56604"
},
{
"name": "CVE-2024-56605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56605"
},
{
"name": "CVE-2024-56645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56645"
},
{
"name": "CVE-2024-56754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56754"
},
{
"name": "CVE-2024-56755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56755"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2022-48742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48742"
},
{
"name": "CVE-2022-49033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49033"
},
{
"name": "CVE-2022-49035",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49035"
},
{
"name": "CVE-2024-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53239"
},
{
"name": "CVE-2024-56548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56548"
},
{
"name": "CVE-2024-56570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56570"
},
{
"name": "CVE-2024-56571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56571"
},
{
"name": "CVE-2024-56575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56575"
},
{
"name": "CVE-2024-56598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56598"
},
{
"name": "CVE-2024-56619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56619"
},
{
"name": "CVE-2024-56631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56631"
},
{
"name": "CVE-2024-56704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56704"
},
{
"name": "CVE-2024-50051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50051"
},
{
"name": "CVE-2024-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53227"
},
{
"name": "CVE-2024-53690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53690"
},
{
"name": "CVE-2024-54680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54680"
},
{
"name": "CVE-2024-55916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55916"
},
{
"name": "CVE-2024-56531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56531"
},
{
"name": "CVE-2024-56532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56532"
},
{
"name": "CVE-2024-56533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56533"
},
{
"name": "CVE-2024-56557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56557"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56568"
},
{
"name": "CVE-2024-56588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56588"
},
{
"name": "CVE-2024-56595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56595"
},
{
"name": "CVE-2024-56596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56596"
},
{
"name": "CVE-2024-56597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56597"
},
{
"name": "CVE-2024-56602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56602"
},
{
"name": "CVE-2024-56623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56623"
},
{
"name": "CVE-2024-56629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56629"
},
{
"name": "CVE-2024-56642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56642"
},
{
"name": "CVE-2024-56644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56644"
},
{
"name": "CVE-2024-56648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56648"
},
{
"name": "CVE-2024-56661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56661"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2024-56678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56678"
},
{
"name": "CVE-2024-56681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56681"
},
{
"name": "CVE-2024-56688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56688"
},
{
"name": "CVE-2024-56698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56698"
},
{
"name": "CVE-2024-56701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56701"
},
{
"name": "CVE-2024-56722",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56722"
},
{
"name": "CVE-2024-56739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56739"
},
{
"name": "CVE-2024-56745",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56745"
},
{
"name": "CVE-2024-56747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56747"
},
{
"name": "CVE-2024-56759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56759"
},
{
"name": "CVE-2024-56765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56765"
},
{
"name": "CVE-2024-56776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56776"
},
{
"name": "CVE-2024-56777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56777"
},
{
"name": "CVE-2024-56778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56778"
},
{
"name": "CVE-2024-57791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57791"
},
{
"name": "CVE-2024-57792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57792"
},
{
"name": "CVE-2024-57793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57793"
},
{
"name": "CVE-2024-57798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57798"
},
{
"name": "CVE-2024-57849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57849"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-57876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57876"
},
{
"name": "CVE-2024-57893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57893"
},
{
"name": "CVE-2024-57896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57896"
},
{
"name": "CVE-2024-57897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57897"
},
{
"name": "CVE-2024-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50304"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
},
{
"name": "CVE-2024-56600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56600"
},
{
"name": "CVE-2024-56601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56601"
},
{
"name": "CVE-2024-56650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56650"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2024-57882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57882"
},
{
"name": "CVE-2025-21666",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21666"
},
{
"name": "CVE-2025-21669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21669"
},
{
"name": "CVE-2025-21670",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21670"
},
{
"name": "CVE-2025-21675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21675"
},
{
"name": "CVE-2024-57948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57948"
},
{
"name": "CVE-2025-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21636"
},
{
"name": "CVE-2025-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21637"
},
{
"name": "CVE-2025-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21638"
},
{
"name": "CVE-2025-21639",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21639"
},
{
"name": "CVE-2025-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21640"
},
{
"name": "CVE-2025-21647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21647"
},
{
"name": "CVE-2025-21665",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21665"
},
{
"name": "CVE-2025-21667",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21667"
},
{
"name": "CVE-2025-21668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21668"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21681"
},
{
"name": "CVE-2024-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53177"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2025-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21673"
},
{
"name": "CVE-2024-50029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50029"
},
{
"name": "CVE-2024-50294",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50294"
},
{
"name": "CVE-2024-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53147"
},
{
"name": "CVE-2024-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53176"
},
{
"name": "CVE-2024-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53178"
},
{
"name": "CVE-2024-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53226"
},
{
"name": "CVE-2024-56720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56720"
},
{
"name": "CVE-2023-52924",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52924"
},
{
"name": "CVE-2023-52925",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52925"
},
{
"name": "CVE-2024-56579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56579"
},
{
"name": "CVE-2024-56647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56647"
},
{
"name": "CVE-2024-57889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57889"
},
{
"name": "CVE-2025-21684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21684"
},
{
"name": "CVE-2025-21687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21687"
},
{
"name": "CVE-2025-21688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21688"
},
{
"name": "CVE-2025-21689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21689"
},
{
"name": "CVE-2025-21690",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21690"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-21697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21697"
},
{
"name": "CVE-2025-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21699"
},
{
"name": "CVE-2025-21700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21700"
},
{
"name": "CVE-2021-47633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47633"
},
{
"name": "CVE-2021-47634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47634"
},
{
"name": "CVE-2021-47644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47644"
},
{
"name": "CVE-2022-49076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49076"
},
{
"name": "CVE-2022-49080",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49080"
},
{
"name": "CVE-2022-49089",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49089"
},
{
"name": "CVE-2022-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49124"
},
{
"name": "CVE-2022-49134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49134"
},
{
"name": "CVE-2022-49135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49135"
},
{
"name": "CVE-2022-49151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49151"
},
{
"name": "CVE-2022-49178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49178"
},
{
"name": "CVE-2022-49182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49182"
},
{
"name": "CVE-2022-49201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49201"
},
{
"name": "CVE-2022-49247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49247"
},
{
"name": "CVE-2022-49490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49490"
},
{
"name": "CVE-2022-49626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49626"
},
{
"name": "CVE-2022-49661",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49661"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-57994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57994"
},
{
"name": "CVE-2025-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21705"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2025-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21716"
},
{
"name": "CVE-2025-21719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21719"
},
{
"name": "CVE-2025-21724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21724"
},
{
"name": "CVE-2025-21725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21725"
},
{
"name": "CVE-2025-21728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21728"
},
{
"name": "CVE-2025-21733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21733"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2025-21754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21754"
},
{
"name": "CVE-2025-21767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"name": "CVE-2025-21790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
},
{
"name": "CVE-2025-21795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"name": "CVE-2025-21799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21799"
},
{
"name": "CVE-2025-21802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21802"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0212",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0833-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250833-1"
},
{
"published_at": "2025-03-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0847-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0855-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250855-1"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0833-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250833-2"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0577-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250577-2"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0856-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250856-1"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0834-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250834-1"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0835-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250835-1"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0853-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250853-1"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0201-2",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250201-2"
}
]
}
SUSE-SU-2025:20192-1
Vulnerability from csaf_suse - Published: 2025-04-17 14:37 - Updated: 2025-04-17 14:37Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).
- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).
- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).
- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).
- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).
- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).
- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).
- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed
if hclge_ptp_get_cycle returns an error (bsc#1240720).
- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742).
- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).
- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).
- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).
- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).
- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).
- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).
- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- affs: do not write overlarge OFS data block size fields (git-fixes).
- affs: generate OFS sequence numbers starting at 1 (git-fixes).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)
- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Correct the update of max_pfn (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
- bpf: fix potential error return (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- counter: fix privdata alignment (git-fixes).
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).
- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)
- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)
Keep the feature disabled by default on x86_64
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm/smu11: Prevent division by zero (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amd/pm: Prevent division by zero (git-fixes).
- drm/amd: Keep display off while going into S4 (stable-fixes).
- drm/amdgpu/dma_buf: fix page_link check (git-fixes).
- drm/amdgpu/gfx11: fix num_mec (git-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to
avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/sti: remove duplicate object names (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__default_new() to
perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698
jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: Add status chack in r852_ready() (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
- ntb: intel: Fix using link status DB's (git-fixes).
- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).
- ntb_perf: Fix printk format (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).
- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).
- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- perf tools: annotate asm_pure_loop.S (bsc#1239906).
- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Correct command storage data length (git-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).
- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid
mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
- s390/cio: Fix CHPID "configure" attribute caching (git-fixes bsc#1240979).
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
- topology: Set capacity_freq_ref in all cases (bsc#1238052)
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- tpm_tis: Move CRC check to generic send routine (bsc#1235870).
- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).
- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
- tty: serial: 8250: Add some more device IDs (stable-fixes).
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).
- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: correct debug message page size calculation (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- usbnet:fix NPE during rx_complete (git-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).
- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-kernel-14
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).\n- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53124: net: fix data-races around sk-\u003esk_forward_alloc (bsc#1234074).\n- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).\n- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).\n- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).\n- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).\n- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).\n- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).\n- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).\n- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).\n- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).\n- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).\n- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed\n if hclge_ptp_get_cycle returns an error (bsc#1240720).\n- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level \u003e 2 (bsc#1240742).\n- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).\n- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).\n- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).\n- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).\n- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).\n- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).\n- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).\n- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).\n- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).\n- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).\n- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).\n- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).\n- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- affs: do not write overlarge OFS data block size fields (git-fixes).\n- affs: generate OFS sequence numbers starting at 1 (git-fixes).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)\n- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)\n- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)\n- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)\n- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)\n- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Correct the update of max_pfn (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).\n- bpf: fix potential error return (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- counter: fix privdata alignment (git-fixes).\n- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).\n- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)\n- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)\n- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)\n Keep the feature disabled by default on x86_64\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm/smu11: Prevent division by zero (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amd/pm: Prevent division by zero (git-fixes).\n- drm/amd: Keep display off while going into S4 (stable-fixes).\n- drm/amdgpu/dma_buf: fix page_link check (git-fixes).\n- drm/amdgpu/gfx11: fix num_mec (git-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to\n avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).\n- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/sti: remove duplicate object names (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-binary: Support livepatch_rt with merged RT branch\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__default_new() to\n perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698\n jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: Add status chack in r852_ready() (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).\n- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).\n- ntb: intel: Fix using link status DB\u0027s (git-fixes).\n- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).\n- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).\n- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).\n- ntb_perf: Fix printk format (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).\n- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).\n- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- perf tools: annotate asm_pure_loop.S (bsc#1239906).\n- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Correct command storage data length (git-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).\n- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).\n- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).\n- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid\n mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).\n- s390/cio: Fix CHPID \"configure\" attribute caching (git-fixes bsc#1240979).\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- selinux: Implement mptcp_add_subflow hook (bsc#1240375).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix open_cached_dir retries with \u0027hard\u0027 mount option (bsc#1240616).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tools: move alignment-related macros to new \u0026lt;linux/align.h\u003e (git-fixes).\n- topology: Set capacity_freq_ref in all cases (bsc#1238052)\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tpm: tis: Double the timeout B to 4s (bsc#1235870).\n- tpm_tis: Move CRC check to generic send routine (bsc#1235870).\n- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).\n- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).\n- tty: serial: 8250: Add some more device IDs (stable-fixes).\n- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).\n- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: correct debug message page size calculation (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- usbnet:fix NPE during rx_complete (git-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).\n- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-14",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20192-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20192-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520192-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20192-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224013",
"url": "https://bugzilla.suse.com/1224013"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1224757",
"url": "https://bugzilla.suse.com/1224757"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1228659",
"url": "https://bugzilla.suse.com/1228659"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231910",
"url": "https://bugzilla.suse.com/1231910"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234074",
"url": "https://bugzilla.suse.com/1234074"
},
{
"category": "self",
"summary": "SUSE Bug 1234157",
"url": "https://bugzilla.suse.com/1234157"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234698",
"url": "https://bugzilla.suse.com/1234698"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235550",
"url": "https://bugzilla.suse.com/1235550"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237874",
"url": "https://bugzilla.suse.com/1237874"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237882",
"url": "https://bugzilla.suse.com/1237882"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238052",
"url": "https://bugzilla.suse.com/1238052"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238565",
"url": "https://bugzilla.suse.com/1238565"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238746",
"url": "https://bugzilla.suse.com/1238746"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238970",
"url": "https://bugzilla.suse.com/1238970"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238990",
"url": "https://bugzilla.suse.com/1238990"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239066",
"url": "https://bugzilla.suse.com/1239066"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239475",
"url": "https://bugzilla.suse.com/1239475"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239684",
"url": "https://bugzilla.suse.com/1239684"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239906",
"url": "https://bugzilla.suse.com/1239906"
},
{
"category": "self",
"summary": "SUSE Bug 1239925",
"url": "https://bugzilla.suse.com/1239925"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240167",
"url": "https://bugzilla.suse.com/1240167"
},
{
"category": "self",
"summary": "SUSE Bug 1240168",
"url": "https://bugzilla.suse.com/1240168"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240171",
"url": "https://bugzilla.suse.com/1240171"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240176",
"url": "https://bugzilla.suse.com/1240176"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240184",
"url": "https://bugzilla.suse.com/1240184"
},
{
"category": "self",
"summary": "SUSE Bug 1240185",
"url": "https://bugzilla.suse.com/1240185"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE Bug 1240375",
"url": "https://bugzilla.suse.com/1240375"
},
{
"category": "self",
"summary": "SUSE Bug 1240575",
"url": "https://bugzilla.suse.com/1240575"
},
{
"category": "self",
"summary": "SUSE Bug 1240581",
"url": "https://bugzilla.suse.com/1240581"
},
{
"category": "self",
"summary": "SUSE Bug 1240582",
"url": "https://bugzilla.suse.com/1240582"
},
{
"category": "self",
"summary": "SUSE Bug 1240583",
"url": "https://bugzilla.suse.com/1240583"
},
{
"category": "self",
"summary": "SUSE Bug 1240584",
"url": "https://bugzilla.suse.com/1240584"
},
{
"category": "self",
"summary": "SUSE Bug 1240585",
"url": "https://bugzilla.suse.com/1240585"
},
{
"category": "self",
"summary": "SUSE Bug 1240587",
"url": "https://bugzilla.suse.com/1240587"
},
{
"category": "self",
"summary": "SUSE Bug 1240590",
"url": "https://bugzilla.suse.com/1240590"
},
{
"category": "self",
"summary": "SUSE Bug 1240591",
"url": "https://bugzilla.suse.com/1240591"
},
{
"category": "self",
"summary": "SUSE Bug 1240592",
"url": "https://bugzilla.suse.com/1240592"
},
{
"category": "self",
"summary": "SUSE Bug 1240594",
"url": "https://bugzilla.suse.com/1240594"
},
{
"category": "self",
"summary": "SUSE Bug 1240595",
"url": "https://bugzilla.suse.com/1240595"
},
{
"category": "self",
"summary": "SUSE Bug 1240596",
"url": "https://bugzilla.suse.com/1240596"
},
{
"category": "self",
"summary": "SUSE Bug 1240600",
"url": "https://bugzilla.suse.com/1240600"
},
{
"category": "self",
"summary": "SUSE Bug 1240612",
"url": "https://bugzilla.suse.com/1240612"
},
{
"category": "self",
"summary": "SUSE Bug 1240616",
"url": "https://bugzilla.suse.com/1240616"
},
{
"category": "self",
"summary": "SUSE Bug 1240639",
"url": "https://bugzilla.suse.com/1240639"
},
{
"category": "self",
"summary": "SUSE Bug 1240643",
"url": "https://bugzilla.suse.com/1240643"
},
{
"category": "self",
"summary": "SUSE Bug 1240647",
"url": "https://bugzilla.suse.com/1240647"
},
{
"category": "self",
"summary": "SUSE Bug 1240691",
"url": "https://bugzilla.suse.com/1240691"
},
{
"category": "self",
"summary": "SUSE Bug 1240700",
"url": "https://bugzilla.suse.com/1240700"
},
{
"category": "self",
"summary": "SUSE Bug 1240701",
"url": "https://bugzilla.suse.com/1240701"
},
{
"category": "self",
"summary": "SUSE Bug 1240703",
"url": "https://bugzilla.suse.com/1240703"
},
{
"category": "self",
"summary": "SUSE Bug 1240708",
"url": "https://bugzilla.suse.com/1240708"
},
{
"category": "self",
"summary": "SUSE Bug 1240714",
"url": "https://bugzilla.suse.com/1240714"
},
{
"category": "self",
"summary": "SUSE Bug 1240715",
"url": "https://bugzilla.suse.com/1240715"
},
{
"category": "self",
"summary": "SUSE Bug 1240716",
"url": "https://bugzilla.suse.com/1240716"
},
{
"category": "self",
"summary": "SUSE Bug 1240718",
"url": "https://bugzilla.suse.com/1240718"
},
{
"category": "self",
"summary": "SUSE Bug 1240719",
"url": "https://bugzilla.suse.com/1240719"
},
{
"category": "self",
"summary": "SUSE Bug 1240720",
"url": "https://bugzilla.suse.com/1240720"
},
{
"category": "self",
"summary": "SUSE Bug 1240722",
"url": "https://bugzilla.suse.com/1240722"
},
{
"category": "self",
"summary": "SUSE Bug 1240727",
"url": "https://bugzilla.suse.com/1240727"
},
{
"category": "self",
"summary": "SUSE Bug 1240739",
"url": "https://bugzilla.suse.com/1240739"
},
{
"category": "self",
"summary": "SUSE Bug 1240742",
"url": "https://bugzilla.suse.com/1240742"
},
{
"category": "self",
"summary": "SUSE Bug 1240779",
"url": "https://bugzilla.suse.com/1240779"
},
{
"category": "self",
"summary": "SUSE Bug 1240783",
"url": "https://bugzilla.suse.com/1240783"
},
{
"category": "self",
"summary": "SUSE Bug 1240784",
"url": "https://bugzilla.suse.com/1240784"
},
{
"category": "self",
"summary": "SUSE Bug 1240795",
"url": "https://bugzilla.suse.com/1240795"
},
{
"category": "self",
"summary": "SUSE Bug 1240796",
"url": "https://bugzilla.suse.com/1240796"
},
{
"category": "self",
"summary": "SUSE Bug 1240797",
"url": "https://bugzilla.suse.com/1240797"
},
{
"category": "self",
"summary": "SUSE Bug 1240799",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "self",
"summary": "SUSE Bug 1240801",
"url": "https://bugzilla.suse.com/1240801"
},
{
"category": "self",
"summary": "SUSE Bug 1240806",
"url": "https://bugzilla.suse.com/1240806"
},
{
"category": "self",
"summary": "SUSE Bug 1240808",
"url": "https://bugzilla.suse.com/1240808"
},
{
"category": "self",
"summary": "SUSE Bug 1240812",
"url": "https://bugzilla.suse.com/1240812"
},
{
"category": "self",
"summary": "SUSE Bug 1240813",
"url": "https://bugzilla.suse.com/1240813"
},
{
"category": "self",
"summary": "SUSE Bug 1240815",
"url": "https://bugzilla.suse.com/1240815"
},
{
"category": "self",
"summary": "SUSE Bug 1240816",
"url": "https://bugzilla.suse.com/1240816"
},
{
"category": "self",
"summary": "SUSE Bug 1240819",
"url": "https://bugzilla.suse.com/1240819"
},
{
"category": "self",
"summary": "SUSE Bug 1240821",
"url": "https://bugzilla.suse.com/1240821"
},
{
"category": "self",
"summary": "SUSE Bug 1240825",
"url": "https://bugzilla.suse.com/1240825"
},
{
"category": "self",
"summary": "SUSE Bug 1240829",
"url": "https://bugzilla.suse.com/1240829"
},
{
"category": "self",
"summary": "SUSE Bug 1240873",
"url": "https://bugzilla.suse.com/1240873"
},
{
"category": "self",
"summary": "SUSE Bug 1240937",
"url": "https://bugzilla.suse.com/1240937"
},
{
"category": "self",
"summary": "SUSE Bug 1240938",
"url": "https://bugzilla.suse.com/1240938"
},
{
"category": "self",
"summary": "SUSE Bug 1240940",
"url": "https://bugzilla.suse.com/1240940"
},
{
"category": "self",
"summary": "SUSE Bug 1240942",
"url": "https://bugzilla.suse.com/1240942"
},
{
"category": "self",
"summary": "SUSE Bug 1240943",
"url": "https://bugzilla.suse.com/1240943"
},
{
"category": "self",
"summary": "SUSE Bug 1240978",
"url": "https://bugzilla.suse.com/1240978"
},
{
"category": "self",
"summary": "SUSE Bug 1240979",
"url": "https://bugzilla.suse.com/1240979"
},
{
"category": "self",
"summary": "SUSE Bug 1241038",
"url": "https://bugzilla.suse.com/1241038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27415 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21875 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21884 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21887 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21894 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21908 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21909 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21910 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21922 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21924 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21927 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21928 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21930 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21935 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21936 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21941 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21943 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21951 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21953 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21956 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21960 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21961 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21966 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21975 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21992 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22001 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22003 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22007 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22009 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22014 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2312/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T14:37:10Z",
"generator": {
"date": "2025-04-17T14:37:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20192-1",
"initial_release_date": "2025-04-17T14:37:10Z",
"revision_history": [
{
"date": "2025-04-17T14:37:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-28.1.aarch64",
"product_id": "kernel-default-6.4.0-28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-28.1.noarch",
"product_id": "kernel-devel-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-28.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-28.1.noarch",
"product_id": "kernel-macros-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-6.4.0-28.1.noarch",
"product_id": "kernel-source-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-6.4.0-28.1.s390x",
"product_id": "kernel-default-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-28.1.x86_64",
"product_id": "kernel-default-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "external",
"summary": "SUSE Bug 1246009 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1246009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-27415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n macvlan0\n |\n br0\n / \\\n ethX ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n -\u003e skb-\u003e_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n and schedules a work queue to send them out on the lower devices.\n\n The clone skb-\u003e_nfct is not a copy, it is the same entry as the\n original skb. The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb-\u003e_nfct already confirmed (in\nhash table). This works fine.\n\nBut such confirmation won\u0027t happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn\u0027t allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn\u0027t work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia \u0027sabotage_in\u0027 hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27415",
"url": "https://www.suse.com/security/cve/CVE-2024-27415"
},
{
"category": "external",
"summary": "SUSE Bug 1224757 for CVE-2024-27415",
"url": "https://bugzilla.suse.com/1224757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-27415"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xtables: avoid NFPROTO_UNSPEC where needed\n\nsyzbot managed to call xt_cluster match via ebtables:\n\n WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780\n [..]\n ebt_do_table+0x174b/0x2a40\n\nModule registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet\nprocessing. As this is only useful to restrict locally terminating\nTCP/UDP traffic, register this for ipv4 and ipv6 family only.\n\nPablo points out that this is a general issue, direct users of the\nset/getsockopt interface can call into targets/matches that were only\nintended for use with ip(6)tables.\n\nCheck all UNSPEC matches and targets for similar issues:\n\n- matches and targets are fine except if they assume skb_network_header()\n is valid -- this is only true when called from inet layer: ip(6) stack\n pulls the ip/ipv6 header into linear data area.\n- targets that return XT_CONTINUE or other xtables verdicts must be\n restricted too, they are incompatbile with the ebtables traverser, e.g.\n EBT_CONTINUE is a completely different value than XT_CONTINUE.\n\nMost matches/targets are changed to register for NFPROTO_IPV4/IPV6, as\nthey are provided for use by ip(6)tables.\n\nThe MARK target is also used by arptables, so register for NFPROTO_ARP too.\n\nWhile at it, bail out if connbytes fails to enable the corresponding\nconntrack family.\n\nThis change passes the selftests in iptables.git.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50038",
"url": "https://www.suse.com/security/cve/CVE-2024-50038"
},
{
"category": "external",
"summary": "SUSE Bug 1231910 for CVE-2024-50038",
"url": "https://bugzilla.suse.com/1231910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50038"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk-\u003esk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 \u003c0f\u003e 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x88/0x130\n ? inet_sock_destruct+0x1c5/0x1e0\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? inet_sock_destruct+0x1c5/0x1e0\n __sk_destruct+0x2a/0x200\n rcu_do_batch+0x1aa/0x530\n ? rcu_do_batch+0x13b/0x530\n rcu_core+0x159/0x2f0\n handle_softirqs+0xd3/0x2b0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n run_ksoftirqd+0x25/0x30\n smpboot_thread_fn+0xdd/0x1d0\n kthread+0xd3/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk-\u003esk_state == TCP_LISTEN with sk-\u003esk_lock unlocked,\nwhich triggers a data-race around sk-\u003esk_forward_alloc:\ntcp_v6_rcv\n tcp_v6_do_rcv\n skb_clone_and_charge_r\n sk_rmem_schedule\n __sk_mem_schedule\n sk_forward_alloc_add()\n skb_set_owner_r\n sk_mem_charge\n sk_forward_alloc_add()\n __kfree_skb\n skb_release_all\n skb_release_head_state\n sock_rfree\n sk_mem_uncharge\n sk_forward_alloc_add()\n sk_mem_reclaim\n // set local var reclaimable\n __sk_mem_reclaim\n sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb-\u003etruesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1) | (cpu 2) | sk_forward_alloc\n ... | ... | 0\n __sk_mem_schedule() | | +4096 = 4096\n | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge() | | -768 = 7424\n | sk_mem_charge() | -768 = 6656\n ... | ... |\n sk_mem_uncharge() | | +768 = 7424\n reclaimable=7424 | |\n | sk_mem_uncharge() | +768 = 8192\n | reclaimable=8192 |\n __sk_mem_reclaim() | | -4096 = 4096\n | __sk_mem_reclaim() | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk-\u003esk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53124",
"url": "https://www.suse.com/security/cve/CVE-2024-53124"
},
{
"category": "external",
"summary": "SUSE Bug 1234074 for CVE-2024-53124",
"url": "https://bugzilla.suse.com/1234074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-53139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix possible UAF in sctp_v6_available()\n\nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints\nthat sctp_v6_available() is calling dev_get_by_index_rcu()\nand ipv6_chk_addr() without holding rcu.\n\n[1]\n =============================\n WARNING: suspicious RCU usage\n 6.12.0-rc5-virtme #1216 Tainted: G W\n -----------------------------\n net/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by sctp_hello/31495:\n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp\n\nstack backtrace:\n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216\n Tainted: [W]=WARN\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)\n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))\n sctp_v6_available (net/sctp/ipv6.c:701) sctp\n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp\n sctp_bind (net/sctp/socket.c:320) sctp\n inet6_bind_sk (net/ipv6/af_inet6.c:465)\n ? security_socket_bind (security/security.c:4581 (discriminator 1))\n __sys_bind (net/socket.c:1848 net/socket.c:1869)\n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)\n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))\n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))\n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n RIP: 0033:0x7f59b934a1e7\n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48\nAll code\n========\n 0:\t44 00 00 \tadd %r8b,(%rax)\n 3:\t48 8b 15 39 8c 0c 00 \tmov 0xc8c39(%rip),%rdx # 0xc8c43\n a:\tf7 d8 \tneg %eax\n c:\t64 89 02 \tmov %eax,%fs:(%rdx)\n f:\tb8 ff ff ff ff \tmov $0xffffffff,%eax\n 14:\teb bd \tjmp 0xffffffffffffffd3\n 16:\t66 2e 0f 1f 84 00 00 \tcs nopw 0x0(%rax,%rax,1)\n 1d:\t00 00 00\n 20:\t0f 1f 00 \tnopl (%rax)\n 23:\tb8 31 00 00 00 \tmov $0x31,%eax\n 28:\t0f 05 \tsyscall\n 2a:*\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\t\t\u003c-- trapping instruction\n 30:\t73 01 \tjae 0x33\n 32:\tc3 \tret\n 33:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c43\n 3a:\tf7 d8 \tneg %eax\n 3c:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 3f:\t48 \trex.W\n\nCode starting with the faulting instruction\n===========================================\n 0:\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\n 6:\t73 01 \tjae 0x9\n 8:\tc3 \tret\n 9:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c19\n 10:\tf7 d8 \tneg %eax\n 12:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 15:\t48 \trex.W\n RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031\n RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7\n RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000\n R10: 00007f59b9253298 R11: 000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53139",
"url": "https://www.suse.com/security/cve/CVE-2024-53139"
},
{
"category": "external",
"summary": "SUSE Bug 1234157 for CVE-2024-53139",
"url": "https://bugzilla.suse.com/1234157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53139"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core-indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm: correctly calculate the available space of the GSP cmdq buffer\n\nr535_gsp_cmdq_push() waits for the available page in the GSP cmdq\nbuffer when handling a large RPC request. When it sees at least one\navailable page in the cmdq, it quits the waiting with the amount of\nfree buffer pages in the queue.\n\nUnfortunately, it always takes the [write pointer, buf_size) as\navailable buffer pages before rolling back and wrongly calculates the\nsize of the data should be copied. Thus, it can overwrite the RPC\nrequest that GSP is currently reading, which causes GSP hang due\nto corrupted RPC request:\n\n[ 549.209389] ------------[ cut here ]------------\n[ 549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E)\n[ 549.225752] iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)]\n[ 549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G E 6.9.0-rc6+ #1\n[ 549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff \u003c0f\u003e 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c\n[ 549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246\n[ 549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28\n[ 549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730\n[ 549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70\n[ 549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020\n[ 549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000\n[ 549.406988] FS: 00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000\n[ 549.415076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0\n[ 549.427963] PKRU: 55555554\n[ 549.430672] Call Trace:\n[ 549.433126] \u003cTASK\u003e\n[ 549.435233] ? __warn+0x7f/0x130\n[ 549.438473] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.443426] ? report_bug+0x18a/0x1a0\n[ 549.447098] ? handle_bug+0x3c/0x70\n[ 549.450589] ? exc_invalid_op+0x14/0x70\n[ 549.454430] ? asm_exc_invalid_op+0x16/0x20\n[ 549.458619] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.463565] r535_gsp_msg_recv+0x46/0x230 [nvkm]\n[ 549.468257] r535_gsp_rpc_push+0x106/0x160 [nvkm]\n[ 549.473033] r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm]\n[ 549.478422] nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm]\n[ 549.483899] nvidia_grid_init+0xb1/0xd0 [nvkm]\n[ 549.488420] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.493213] nvkm_device_pci_probe+0x305/0x420 [nvkm]\n[ 549.498338] local_pci_probe+0x46/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58018",
"url": "https://www.suse.com/security/cve/CVE-2024-58018"
},
{
"category": "external",
"summary": "SUSE Bug 1238990 for CVE-2024-58018",
"url": "https://bugzilla.suse.com/1238990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58018"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: prevent adding a device which is already a team device lower\n\nPrevent adding a device which is already a team device lower,\ne.g. adding veth0 if vlan1 was already added and veth0 is a lower of\nvlan1.\n\nThis is not useful in practice and can lead to recursive locking:\n\n$ ip link add veth0 type veth peer name veth1\n$ ip link set veth0 up\n$ ip link set veth1 up\n$ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1\n$ ip link add team0 type team\n$ ip link set veth0.1 down\n$ ip link set veth0.1 master team0\nteam0: Port device veth0.1 added\n$ ip link set veth0 down\n$ ip link set veth0 master team0\n\n============================================\nWARNING: possible recursive locking detected\n6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted\n--------------------------------------------\nip/7684 is trying to acquire lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n\nbut task is already holding lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977)\n\nother info that might help us debug this:\nPossible unsafe locking scenario:\n\nCPU0\n----\nlock(team-\u003eteam_lock_key);\nlock(team-\u003eteam_lock_key);\n\n*** DEADLOCK ***\n\nMay be due to missing lock nesting notation\n\n2 locks held by ip/7684:\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:122)\nprint_deadlock_bug.cold (kernel/locking/lockdep.c:3040)\n__lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226)\n? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548)\nlock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2))\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? lock_acquire (kernel/locking/lockdep.c:5822)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n__mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? fib_sync_up (net/ipv4/fib_semantics.c:2167)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nteam_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\n__dev_notify_flags (net/core/dev.c:8993)\n? __dev_change_flags (net/core/dev.c:8975)\ndev_change_flags (net/core/dev.c:9027)\nvlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470)\n? br_device_event (net/bridge/br.c:143)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\ndev_open (net/core/dev.c:1519 net/core/dev.c:1505)\nteam_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977)\n? __pfx_team_add_slave (drivers/net/team/team_core.c:1972)\ndo_set_master (net/core/rtnetlink.c:2917)\ndo_setlink.isra.0 (net/core/rtnetlink.c:3117)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58071",
"url": "https://www.suse.com/security/cve/CVE-2024-58071"
},
{
"category": "external",
"summary": "SUSE Bug 1238970 for CVE-2024-58071",
"url": "https://bugzilla.suse.com/1238970"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58071"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix race between cancel_hw_scan and hw_scan completion\n\nThe rtwdev-\u003escanning flag isn\u0027t protected by mutex originally, so\ncancel_hw_scan can pass the condition, but suddenly hw_scan completion\nunset the flag and calls ieee80211_scan_completed() that will free\nlocal-\u003ehw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and\nuse-after-free. Fix it by moving the check condition to where\nprotected by mutex.\n\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 2 PID: 6922 Comm: kworker/2:2 Tainted: G OE\n Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB6WW (2.76 ) 09/10/2019\n Workqueue: events cfg80211_conn_work [cfg80211]\n RIP: 0010:rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n Code: 00 45 89 6c 24 1c 0f 85 23 01 00 00 48 8b 85 20 ff ff ff 48 8d\n RSP: 0018:ffff88811fd9f068 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: ffff88811fd9f258 RCX: 0000000000000001\n RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000089\n RBP: ffff88811fd9f170 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff88811fd9f108 R11: 0000000000000000 R12: ffff88810e47f960\n R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8881d6f00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007531dfca55b0 CR3: 00000001be296004 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x61/0x73\n ? __die_body+0x20/0x73\n ? die_addr+0x4f/0x7b\n ? exc_general_protection+0x191/0x1db\n ? asm_exc_general_protection+0x27/0x30\n ? rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n ? rtw89_fw_h2c_scan_offload_be+0x458/0x13c3 [rtw89_core]\n ? __pfx_rtw89_fw_h2c_scan_offload_be+0x10/0x10 [rtw89_core]\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx_do_raw_spin_lock+0x10/0x10\n rtw89_hw_scan_offload+0xb5e/0xbf7 [rtw89_core]\n ? _raw_spin_unlock+0xe/0x24\n ? __mutex_lock.constprop.0+0x40c/0x471\n ? __pfx_rtw89_hw_scan_offload+0x10/0x10 [rtw89_core]\n ? __mutex_lock_slowpath+0x13/0x1f\n ? mutex_lock+0xa2/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n rtw89_hw_scan_abort+0x58/0xb7 [rtw89_core]\n rtw89_ops_cancel_hw_scan+0x120/0x13b [rtw89_core]\n ieee80211_scan_cancel+0x468/0x4d0 [mac80211]\n ieee80211_prep_connection+0x858/0x899 [mac80211]\n ieee80211_mgd_auth+0xbea/0xdde [mac80211]\n ? __pfx_ieee80211_mgd_auth+0x10/0x10 [mac80211]\n ? cfg80211_find_elem+0x15/0x29 [cfg80211]\n ? is_bss+0x1b7/0x1d7 [cfg80211]\n ieee80211_auth+0x18/0x27 [mac80211]\n cfg80211_mlme_auth+0x3bb/0x3e7 [cfg80211]\n cfg80211_conn_do_work+0x410/0xb81 [cfg80211]\n ? __pfx_cfg80211_conn_do_work+0x10/0x10 [cfg80211]\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? __kasan_check_write+0x14/0x22\n ? mutex_lock+0x8e/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx___radix_tree_lookup+0x10/0x10\n cfg80211_conn_work+0x245/0x34d [cfg80211]\n ? __pfx_cfg80211_conn_work+0x10/0x10 [cfg80211]\n ? update_cfs_rq_load_avg+0x3bc/0x3d7\n ? sched_clock_noinstr+0x9/0x1a\n ? sched_clock+0x10/0x24\n ? sched_clock_cpu+0x7e/0x42e\n ? newidle_balance+0x796/0x937\n ? __pfx_sched_clock_cpu+0x10/0x10\n ? __pfx_newidle_balance+0x10/0x10\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? _raw_spin_unlock+0xe/0x24\n ? raw_spin_rq_unlock+0x47/0x54\n ? raw_spin_rq_unlock_irq+0x9/0x1f\n ? finish_task_switch.isra.0+0x347/0x586\n ? __schedule+0x27bf/0x2892\n ? mutex_unlock+0x80/0xd0\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx___schedule+0x10/0x10\n process_scheduled_works+0x58c/0x821\n worker_thread+0x4c7/0x586\n ? __kasan_check_read+0x11/0x1f\n kthread+0x285/0x294\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x6f\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21729",
"url": "https://www.suse.com/security/cve/CVE-2025-21729"
},
{
"category": "external",
"summary": "SUSE Bug 1237874 for CVE-2025-21729",
"url": "https://bugzilla.suse.com/1237874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21729"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21755"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21755",
"url": "https://www.suse.com/security/cve/CVE-2025-21755"
},
{
"category": "external",
"summary": "SUSE Bug 1237882 for CVE-2025-21755",
"url": "https://bugzilla.suse.com/1237882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21755"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n sysctl -w net.core.dev_weight=0\n ping 127.0.0.1\n\nThis is because when the napi\u0027s weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi-\u003estate, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi\u0027s weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21806",
"url": "https://www.suse.com/security/cve/CVE-2025-21806"
},
{
"category": "external",
"summary": "SUSE Bug 1238746 for CVE-2025-21806",
"url": "https://bugzilla.suse.com/1238746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: reallocate buf lists on upgrade\n\nIORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it\nwas created for legacy selected buffer and has been emptied. It violates\nthe requirement that most of the field should stay stable after publish.\nAlways reallocate it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21836",
"url": "https://www.suse.com/security/cve/CVE-2025-21836"
},
{
"category": "external",
"summary": "SUSE Bug 1239066 for CVE-2025-21836",
"url": "https://bugzilla.suse.com/1239066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21836"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent opcode speculation\n\nsqe-\u003eopcode is used for different tables, make sure we santitise it\nagainst speculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21863",
"url": "https://www.suse.com/security/cve/CVE-2025-21863"
},
{
"category": "external",
"summary": "SUSE Bug 1239475 for CVE-2025-21863",
"url": "https://bugzilla.suse.com/1239475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21863"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: bsg: Fix crash when arpmb command fails\n\nIf the device doesn\u0027t support arpmb we\u0027ll crash due to copying user data in\nbsg_transport_sg_io_fn().\n\nIn the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not\nset the job\u0027s reply_len.\n\nMemory crash backtrace:\n3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22\n\n4,1308,531166555,-;Call Trace:\n\n4,1309,531166559,-; \u003cTASK\u003e\n\n4,1310,531166565,-; ? show_regs+0x6d/0x80\n\n4,1311,531166575,-; ? die+0x37/0xa0\n\n4,1312,531166583,-; ? do_trap+0xd4/0xf0\n\n4,1313,531166593,-; ? do_error_trap+0x71/0xb0\n\n4,1314,531166601,-; ? usercopy_abort+0x6c/0x80\n\n4,1315,531166610,-; ? exc_invalid_op+0x52/0x80\n\n4,1316,531166622,-; ? usercopy_abort+0x6c/0x80\n\n4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20\n\n4,1318,531166643,-; ? usercopy_abort+0x6c/0x80\n\n4,1319,531166652,-; __check_heap_object+0xe3/0x120\n\n4,1320,531166661,-; check_heap_object+0x185/0x1d0\n\n4,1321,531166670,-; __check_object_size.part.0+0x72/0x150\n\n4,1322,531166679,-; __check_object_size+0x23/0x30\n\n4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21873",
"url": "https://www.suse.com/security/cve/CVE-2025-21873"
},
{
"category": "external",
"summary": "SUSE Bug 1240184 for CVE-2025-21873",
"url": "https://bugzilla.suse.com/1240184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21873"
},
{
"cve": "CVE-2025-21875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: always handle address removal under msk socket lock\n\nSyzkaller reported a lockdep splat in the PM control path:\n\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Modules linked in:\n CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\n RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]\n RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 \u003c0f\u003e 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff\n RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283\n RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000\n RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408\n RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000\n R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0\n R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00\n FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59\n mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486\n mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]\n mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:733\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2573\n ___sys_sendmsg net/socket.c:2627 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7e9998cde9\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9\n RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007\n RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088\n\nIndeed the PM can try to send a RM_ADDR over a msk without acquiring\nfirst the msk socket lock.\n\nThe bugged code-path comes from an early optimization: when there\nare no subflows, the PM should (usually) not send RM_ADDR\nnotifications.\n\nThe above statement is incorrect, as without locks another process\ncould concur\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21875",
"url": "https://www.suse.com/security/cve/CVE-2025-21875"
},
{
"category": "external",
"summary": "SUSE Bug 1240168 for CVE-2025-21875",
"url": "https://bugzilla.suse.com/1240168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21875"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n BUG: Bad page state in process syz.7.38 pfn:1eff3\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x32/0x50\n bad_page+0x69/0xf0\n free_unref_page_prepare+0x401/0x500\n free_unref_page+0x6d/0x1b0\n uprobe_write_opcode+0x460/0x8e0\n install_breakpoint.part.0+0x51/0x80\n register_for_each_vma+0x1d9/0x2b0\n __uprobe_register+0x245/0x300\n bpf_uprobe_multi_link_attach+0x29b/0x4f0\n link_create+0x1e2/0x280\n __sys_bpf+0x75f/0xac0\n __x64_sys_bpf+0x1a/0x30\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n r2 = creat(\u0026(0x7f0000000000)=\u0027./file0\\x00\u0027, 0x8)\n write$nbd(r2, \u0026(0x7f0000000580)=ANY=[], 0x10)\n r4 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x42, 0x0)\n mmap$IORING_OFF_SQ_RING(\u0026(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n r5 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r5, 0xc018aa3f, \u0026(0x7f0000000040)={0xaa, 0x20})\n r6 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r6, 0xc018aa3f, \u0026(0x7f0000000140))\n ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, \u0026(0x7f0000000100)={{\u0026(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, \u0026(0x7f0000000000)={{\u0026(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n r7 = bpf$PROG_LOAD(0x5, \u0026(0x7f0000000140)={0x2, 0x3, \u0026(0x7f0000000200)=ANY=[@ANYBLOB=\"1800000000120000000000000000000095\"], \u0026(0x7f0000000000)=\u0027GPL\\x00\u0027, 0x7, 0x0, 0x0, 0x0, 0x0, \u0027\\x00\u0027, 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n bpf$BPF_LINK_CREATE_XDP(0x1c, \u0026(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={\u0026(0x7f0000000080)=\u0027./file0\\x00\u0027, \u0026(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()-\u003e__replace_page() to unconditional decrease the\nRSS count and old_folio\u0027s refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n error \"Bad rss-count\".\n\n 2. The reserved folio (zero folio) is freed when folio-\u003erefcount is zero,\n then free_pages_prepare-\u003efree_page_is_bad() report error\n \"Bad page state\".\n\nThere is more, the following warning could also theoretically be triggered:\n\n __replace_page()\n -\u003e ...\n -\u003e folio_remove_rmap_pte()\n -\u003e VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21881",
"url": "https://www.suse.com/security/cve/CVE-2025-21881"
},
{
"category": "external",
"summary": "SUSE Bug 1240185 for CVE-2025-21881",
"url": "https://bugzilla.suse.com/1240185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21881"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: better track kernel sockets lifetime\n\nWhile kernel sockets are dismantled during pernet_operations-\u003eexit(),\ntheir freeing can be delayed by any tx packets still held in qdisc\nor device queues, due to skb_set_owner_w() prior calls.\n\nThis then trigger the following warning from ref_tracker_dir_exit() [1]\n\nTo fix this, make sure that kernel sockets own a reference on net-\u003epassive.\n\nAdd sk_net_refcnt_upgrade() helper, used whenever a kernel socket\nis converted to a refcounted one.\n\n[1]\n\n[ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.263918][ T35] sk_alloc+0x2b3/0x370\n[ 136.263918][ T35] inet6_create+0x6ce/0x10f0\n[ 136.263918][ T35] __sock_create+0x4c0/0xa30\n[ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.263918][ T35] igmp6_net_init+0x39/0x390\n[ 136.263918][ T35] ops_init+0x31e/0x590\n[ 136.263918][ T35] setup_net+0x287/0x9e0\n[ 136.263918][ T35] copy_net_ns+0x33f/0x570\n[ 136.263918][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.263918][ T35] ksys_unshare+0x57d/0xa70\n[ 136.263918][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.263918][ T35] do_syscall_64+0xf3/0x230\n[ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 136.263918][ T35]\n[ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.343488][ T35] sk_alloc+0x2b3/0x370\n[ 136.343488][ T35] inet6_create+0x6ce/0x10f0\n[ 136.343488][ T35] __sock_create+0x4c0/0xa30\n[ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0\n[ 136.343488][ T35] ops_init+0x31e/0x590\n[ 136.343488][ T35] setup_net+0x287/0x9e0\n[ 136.343488][ T35] copy_net_ns+0x33f/0x570\n[ 136.343488][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.343488][ T35] ksys_unshare+0x57d/0xa70\n[ 136.343488][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.343488][ T35] do_syscall_64+0xf3/0x230\n[ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21884",
"url": "https://www.suse.com/security/cve/CVE-2025-21884"
},
{
"category": "external",
"summary": "SUSE Bug 1240171 for CVE-2025-21884",
"url": "https://bugzilla.suse.com/1240171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21884"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up\n\nThe issue was caused by dput(upper) being called before\novl_dentry_update_reval(), while upper-\u003ed_flags was still\naccessed in ovl_dentry_remote().\n\nMove dput(upper) after its last use to prevent use-after-free.\n\nBUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\nBUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\n ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n ovl_link_up fs/overlayfs/copy_up.c:610 [inline]\n ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170\n ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223\n ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136\n vfs_rename+0xf84/0x20a0 fs/namei.c:4893\n...\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21887",
"url": "https://www.suse.com/security/cve/CVE-2025-21887"
},
{
"category": "external",
"summary": "SUSE Bug 1240176 for CVE-2025-21887",
"url": "https://bugzilla.suse.com/1240176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21887"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Add RCU read lock protection to perf_iterate_ctx()\n\nThe perf_iterate_ctx() function performs RCU list traversal but\ncurrently lacks RCU read lock protection. This causes lockdep warnings\nwhen running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y:\n\n\tWARNING: suspicious RCU usage\n\tkernel/events/core.c:8168 RCU-list traversed in non-reader section!!\n\n\t Call Trace:\n\t lockdep_rcu_suspicious\n\t ? perf_event_addr_filters_apply\n\t perf_iterate_ctx\n\t perf_event_exec\n\t begin_new_exec\n\t ? load_elf_phdrs\n\t load_elf_binary\n\t ? lock_acquire\n\t ? find_held_lock\n\t ? bprm_execve\n\t bprm_execve\n\t do_execveat_common.isra.0\n\t __x64_sys_execve\n\t do_syscall_64\n\t entry_SYSCALL_64_after_hwframe\n\nThis protection was previously present but was removed in commit\nbd2756811766 (\"perf: Rewrite core context handling\"). Add back the\nnecessary rcu_read_lock()/rcu_read_unlock() pair around\nperf_iterate_ctx() call in perf_event_exec().\n\n[ mingo: Use scoped_guard() as suggested by Peter ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21889",
"url": "https://www.suse.com/security/cve/CVE-2025-21889"
},
{
"category": "external",
"summary": "SUSE Bug 1240167 for CVE-2025-21889",
"url": "https://bugzilla.suse.com/1240167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21889"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-21894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC\n\nActually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only\nENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash\nif VFs are used to test one-step timestamp, the crash log as follows.\n\n[ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0\n[ 129.287769] Call trace:\n[ 129.290219] enetc_port_mac_wr+0x30/0xec (P)\n[ 129.294504] enetc_start_xmit+0xda4/0xe74\n[ 129.298525] enetc_xmit+0x70/0xec\n[ 129.301848] dev_hard_start_xmit+0x98/0x118",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21894",
"url": "https://www.suse.com/security/cve/CVE-2025-21894"
},
{
"category": "external",
"summary": "SUSE Bug 1240581 for CVE-2025-21894",
"url": "https://bugzilla.suse.com/1240581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21894"
},
{
"cve": "CVE-2025-21895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Order the PMU list to fix warning about unordered pmu_ctx_list\n\nSyskaller triggers a warning due to prev_epc-\u003epmu != next_epc-\u003epmu in\nperf_event_swap_task_ctx_data(). vmcore shows that two lists have the same\nperf_event_pmu_context, but not in the same order.\n\nThe problem is that the order of pmu_ctx_list for the parent is impacted by\nthe time when an event/PMU is added. While the order for a child is\nimpacted by the event order in the pinned_groups and flexible_groups. So\nthe order of pmu_ctx_list in the parent and child may be different.\n\nTo fix this problem, insert the perf_event_pmu_context to its proper place\nafter iteration of the pmu_ctx_list.\n\nThe follow testcase can trigger above warning:\n\n # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out \u0026\n # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out\n\n test.c\n\n void main() {\n int count = 0;\n pid_t pid;\n\n printf(\"%d running\\n\", getpid());\n sleep(30);\n printf(\"running\\n\");\n\n pid = fork();\n if (pid == -1) {\n printf(\"fork error\\n\");\n return;\n }\n if (pid == 0) {\n while (1) {\n count++;\n }\n } else {\n while (1) {\n count++;\n }\n }\n }\n\nThe testcase first opens an LBR event, so it will allocate task_ctx_data,\nand then open tracepoint and software events, so the parent context will\nhave 3 different perf_event_pmu_contexts. On inheritance, child ctx will\ninsert the perf_event_pmu_context in another order and the warning will\ntrigger.\n\n[ mingo: Tidied up the changelog. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21895",
"url": "https://www.suse.com/security/cve/CVE-2025-21895"
},
{
"category": "external",
"summary": "SUSE Bug 1240585 for CVE-2025-21895",
"url": "https://bugzilla.suse.com/1240585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21895"
},
{
"cve": "CVE-2025-21905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: limit printed string from FW file\n\nThere\u0027s no guarantee here that the file is always with a\nNUL-termination, so reading the string may read beyond the\nend of the TLV. If that\u0027s the last TLV in the file, it can\nperhaps even read beyond the end of the file buffer.\n\nFix that by limiting the print format to the size of the\nbuffer we have.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21905",
"url": "https://www.suse.com/security/cve/CVE-2025-21905"
},
{
"category": "external",
"summary": "SUSE Bug 1240575 for CVE-2025-21905",
"url": "https://bugzilla.suse.com/1240575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21905"
},
{
"cve": "CVE-2025-21906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: clean up ROC on failure\n\nIf the firmware fails to start the session protection, then we\ndo call iwl_mvm_roc_finished() here, but that won\u0027t do anything\nat all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set.\nSet IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path.\nIf it started successfully before, it\u0027s already set, so that\ndoesn\u0027t matter, and if it didn\u0027t start it needs to be set to\nclean up.\n\nNot doing so will lead to a WARN_ON() later on a fresh remain-\non-channel, since the link is already active when activated as\nit was never deactivated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21906",
"url": "https://www.suse.com/security/cve/CVE-2025-21906"
},
{
"category": "external",
"summary": "SUSE Bug 1240587 for CVE-2025-21906",
"url": "https://bugzilla.suse.com/1240587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21906"
},
{
"cve": "CVE-2025-21908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\n\nAdd PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so\nnfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.\n\nOtherwise NFS can deadlock waiting for kcompactd enduced writeback which\nrecurses back to NFS (which triggers writeback to NFSD via NFS loopback\nmount on the same host, NFSD blocks waiting for XFS\u0027s call to\n__filemap_get_folio):\n\n6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.\n\n{---\n[58] \"kcompactd0\"\n[\u003c0\u003e] folio_wait_bit+0xe8/0x200\n[\u003c0\u003e] folio_wait_writeback+0x2b/0x80\n[\u003c0\u003e] nfs_wb_folio+0x80/0x1b0 [nfs]\n[\u003c0\u003e] nfs_release_folio+0x68/0x130 [nfs]\n[\u003c0\u003e] split_huge_page_to_list_to_order+0x362/0x840\n[\u003c0\u003e] migrate_pages_batch+0x43d/0xb90\n[\u003c0\u003e] migrate_pages_sync+0x9a/0x240\n[\u003c0\u003e] migrate_pages+0x93c/0x9f0\n[\u003c0\u003e] compact_zone+0x8e2/0x1030\n[\u003c0\u003e] compact_node+0xdb/0x120\n[\u003c0\u003e] kcompactd+0x121/0x2e0\n[\u003c0\u003e] kthread+0xcf/0x100\n[\u003c0\u003e] ret_from_fork+0x31/0x40\n[\u003c0\u003e] ret_from_fork_asm+0x1a/0x30\n---}\n\n[akpm@linux-foundation.org: fix build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21908",
"url": "https://www.suse.com/security/cve/CVE-2025-21908"
},
{
"category": "external",
"summary": "SUSE Bug 1240600 for CVE-2025-21908",
"url": "https://bugzilla.suse.com/1240600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21908"
},
{
"cve": "CVE-2025-21909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21909",
"url": "https://www.suse.com/security/cve/CVE-2025-21909"
},
{
"category": "external",
"summary": "SUSE Bug 1240590 for CVE-2025-21909",
"url": "https://bugzilla.suse.com/1240590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21909"
},
{
"cve": "CVE-2025-21910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: regulatory: improve invalid hints checking\n\nSyzbot keeps reporting an issue [1] that occurs when erroneous symbols\nsent from userspace get through into user_alpha2[] via\nregulatory_hint_user() call. Such invalid regulatory hints should be\nrejected.\n\nWhile a sanity check from commit 47caf685a685 (\"cfg80211: regulatory:\nreject invalid hints\") looks to be enough to deter these very cases,\nthere is a way to get around it due to 2 reasons.\n\n1) The way isalpha() works, symbols other than latin lower and\nupper letters may be used to determine a country/domain.\nFor instance, greek letters will also be considered upper/lower\nletters and for such characters isalpha() will return true as well.\nHowever, ISO-3166-1 alpha2 codes should only hold latin\ncharacters.\n\n2) While processing a user regulatory request, between\nreg_process_hint_user() and regulatory_hint_user() there happens to\nbe a call to queue_regulatory_request() which modifies letters in\nrequest-\u003ealpha2[] with toupper(). This works fine for latin symbols,\nless so for weird letter characters from the second part of _ctype[].\n\nSyzbot triggers a warning in is_user_regdom_saved() by first sending\nover an unexpected non-latin letter that gets malformed by toupper()\ninto a character that ends up failing isalpha() check.\n\nPrevent this by enhancing is_an_alpha2() to ensure that incoming\nsymbols are latin letters and nothing else.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nUnexpected user alpha2: A\ufffd\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\nModules linked in:\nCPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events_power_efficient crda_timeout_work\nRIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline]\nRIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline]\nRIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\n...\nCall Trace:\n \u003cTASK\u003e\n crda_timeout_work+0x27/0x50 net/wireless/reg.c:542\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21910",
"url": "https://www.suse.com/security/cve/CVE-2025-21910"
},
{
"category": "external",
"summary": "SUSE Bug 1240583 for CVE-2025-21910",
"url": "https://bugzilla.suse.com/1240583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21910"
},
{
"cve": "CVE-2025-21912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (\u0026p-\u003elock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027bitclock-master\u0027 with a value.\n [ 4.264803] (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21912",
"url": "https://www.suse.com/security/cve/CVE-2025-21912"
},
{
"category": "external",
"summary": "SUSE Bug 1240584 for CVE-2025-21912",
"url": "https://bugzilla.suse.com/1240584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21912"
},
{
"cve": "CVE-2025-21913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()\n\nXen doesn\u0027t offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results\nin the following warning:\n\n unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0)\n Call Trace:\n xen_read_msr+0x1e/0x30\n amd_get_mmconfig_range+0x2b/0x80\n quirk_amd_mmconfig_area+0x28/0x100\n pnp_fixup_device+0x39/0x50\n __pnp_add_device+0xf/0x150\n pnp_add_device+0x3d/0x100\n pnpacpi_add_device_handler+0x1f9/0x280\n acpi_ns_get_device_callback+0x104/0x1c0\n acpi_ns_walk_namespace+0x1d0/0x260\n acpi_get_devices+0x8a/0xb0\n pnpacpi_init+0x50/0x80\n do_one_initcall+0x46/0x2e0\n kernel_init_freeable+0x1da/0x2f0\n kernel_init+0x16/0x1b0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\n\nbased on quirks for a \"PNP0c01\" device. Treating MMCFG as disabled is the\nright course of action, so no change is needed there.\n\nThis was most likely exposed by fixing the Xen MSR accessors to not be\nsilently-safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21913",
"url": "https://www.suse.com/security/cve/CVE-2025-21913"
},
{
"category": "external",
"summary": "SUSE Bug 1240591 for CVE-2025-21913",
"url": "https://bugzilla.suse.com/1240591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21913"
},
{
"cve": "CVE-2025-21914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: messaging: Free transaction ID in delayed interrupt scenario\n\nIn case of interrupt delay for any reason, slim_do_transfer()\nreturns timeout error but the transaction ID (TID) is not freed.\nThis results into invalid memory access inside\nqcom_slim_ngd_rx_msgq_cb() due to invalid TID.\n\nFix the issue by freeing the TID in slim_do_transfer() before\nreturning timeout error to avoid invalid memory access.\n\nCall trace:\n__memcpy_fromio+0x20/0x190\nqcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl]\nvchan_complete+0x2a0/0x4a0\ntasklet_action_common+0x274/0x700\ntasklet_action+0x28/0x3c\n_stext+0x188/0x620\nrun_ksoftirqd+0x34/0x74\nsmpboot_thread_fn+0x1d8/0x464\nkthread+0x178/0x238\nret_from_fork+0x10/0x20\nCode: aa0003e8 91000429 f100044a 3940002b (3800150b)\n---[ end trace 0fe00bec2b975c99 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21914",
"url": "https://www.suse.com/security/cve/CVE-2025-21914"
},
{
"category": "external",
"summary": "SUSE Bug 1240595 for CVE-2025-21914",
"url": "https://bugzilla.suse.com/1240595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21914"
},
{
"cve": "CVE-2025-21915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdx: Fix possible UAF error in driver_override_show()\n\nFixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c\n\nThis function driver_override_show() is part of DEVICE_ATTR_RW, which\nincludes both driver_override_show() and driver_override_store().\nThese functions can be executed concurrently in sysfs.\n\nThe driver_override_store() function uses driver_set_override() to\nupdate the driver_override value, and driver_set_override() internally\nlocks the device (device_lock(dev)). If driver_override_show() reads\ncdx_dev-\u003edriver_override without locking, it could potentially access\na freed pointer if driver_override_store() frees the string\nconcurrently. This could lead to printing a kernel address, which is a\nsecurity risk since DEVICE_ATTR can be read by all users.\n\nAdditionally, a similar pattern is used in drivers/amba/bus.c, as well\nas many other bus drivers, where device_lock() is taken in the show\nfunction, and it has been working without issues.\n\nThis potential bug was detected by our experimental static analysis\ntool, which analyzes locking APIs and paired functions to identify\ndata races and atomicity violations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21915",
"url": "https://www.suse.com/security/cve/CVE-2025-21915"
},
{
"category": "external",
"summary": "SUSE Bug 1240594 for CVE-2025-21915",
"url": "https://bugzilla.suse.com/1240594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21915"
},
{
"cve": "CVE-2025-21916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix a flaw in existing endpoint checks\n\nSyzbot once again identified a flaw in usb endpoint checking, see [1].\nThis time the issue stems from a commit authored by me (2eabb655a968\n(\"usb: atm: cxacru: fix endpoint checking in cxacru_bind()\")).\n\nWhile using usb_find_common_endpoints() may usually be enough to\ndiscard devices with wrong endpoints, in this case one needs more\nthan just finding and identifying the sufficient number of endpoints\nof correct types - one needs to check the endpoint\u0027s address as well.\n\nSince cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind,\nswitch the endpoint verification approach to usb_check_XXX_endpoints()\ninstead to fix incomplete ep testing.\n\n[1] Syzbot report:\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nRIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649\n cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]\n cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223\n usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058\n cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377\n usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396\n really_probe+0x2b9/0xad0 drivers/base/dd.c:658\n __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800\n driver_probe_device+0x50/0x430 drivers/base/dd.c:830\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21916",
"url": "https://www.suse.com/security/cve/CVE-2025-21916"
},
{
"category": "external",
"summary": "SUSE Bug 1240582 for CVE-2025-21916",
"url": "https://bugzilla.suse.com/1240582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21916"
},
{
"cve": "CVE-2025-21917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Flush the notify_hotplug_work\n\nWhen performing continuous unbind/bind operations on the USB drivers\navailable on the Renesas RZ/G2L SoC, a kernel crash with the message\n\"Unable to handle kernel NULL pointer dereference at virtual address\"\nmay occur. This issue points to the usbhsc_notify_hotplug() function.\n\nFlush the delayed work to avoid its execution when driver resources are\nunavailable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21917",
"url": "https://www.suse.com/security/cve/CVE-2025-21917"
},
{
"category": "external",
"summary": "SUSE Bug 1240596 for CVE-2025-21917",
"url": "https://bugzilla.suse.com/1240596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21917"
},
{
"cve": "CVE-2025-21918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix NULL pointer access\n\nResources should be released only after all threads that utilize them\nhave been destroyed.\nThis commit ensures that resources are not released prematurely by waiting\nfor the associated workqueue to complete before deallocating them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21918",
"url": "https://www.suse.com/security/cve/CVE-2025-21918"
},
{
"category": "external",
"summary": "SUSE Bug 1240592 for CVE-2025-21918",
"url": "https://bugzilla.suse.com/1240592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21918"
},
{
"cve": "CVE-2025-21922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: Fix KMSAN uninit-value warning with bpf\n\nSyzbot caught an \"KMSAN: uninit-value\" warning [1], which is caused by the\nppp driver not initializing a 2-byte header when using socket filter.\n\nThe following code can generate a PPP filter BPF program:\n\u0027\u0027\u0027\nstruct bpf_program fp;\npcap_t *handle;\nhandle = pcap_open_dead(DLT_PPP_PPPD, 65535);\npcap_compile(handle, \u0026fp, \"ip and outbound\", 0, 0);\nbpf_dump(\u0026fp, 1);\n\u0027\u0027\u0027\nIts output is:\n\u0027\u0027\u0027\n(000) ldh [2]\n(001) jeq #0x21 jt 2 jf 5\n(002) ldb [0]\n(003) jeq #0x1 jt 4 jf 5\n(004) ret #65535\n(005) ret #0\n\u0027\u0027\u0027\nWen can find similar code at the following link:\nhttps://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680\nThe maintainer of this code repository is also the original maintainer\nof the ppp driver.\n\nAs you can see the BPF program skips 2 bytes of data and then reads the\n\u0027Protocol\u0027 field to determine if it\u0027s an IP packet. Then it read the first\nbyte of the first 2 bytes to determine the direction.\n\nThe issue is that only the first byte indicating direction is initialized\nin current ppp driver code while the second byte is not initialized.\n\nFor normal BPF programs generated by libpcap, uninitialized data won\u0027t be\nused, so it\u0027s not a problem. However, for carefully crafted BPF programs,\nsuch as those generated by syzkaller [2], which start reading from offset\n0, the uninitialized data will be used and caught by KMSAN.\n\n[1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791\n[2] https://syzkaller.appspot.com/text?tag=ReproC\u0026x=11994913980000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21922",
"url": "https://www.suse.com/security/cve/CVE-2025-21922"
},
{
"category": "external",
"summary": "SUSE Bug 1240639 for CVE-2025-21922",
"url": "https://bugzilla.suse.com/1240639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21922"
},
{
"cve": "CVE-2025-21923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-steam: Fix use-after-free when detaching device\n\nWhen a hid-steam device is removed it must clean up the client_hdev used for\nintercepting hidraw access. This can lead to scheduling deferred work to\nreattach the input device. Though the cleanup cancels the deferred work, this\nwas done before the client_hdev itself is cleaned up, so it gets rescheduled.\nThis patch fixes the ordering to make sure the deferred work is properly\ncanceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21923",
"url": "https://www.suse.com/security/cve/CVE-2025-21923"
},
{
"category": "external",
"summary": "SUSE Bug 1240691 for CVE-2025-21923",
"url": "https://bugzilla.suse.com/1240691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21923"
},
{
"cve": "CVE-2025-21924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error\n\nDuring the initialization of ptp, hclge_ptp_get_cycle might return an error\nand returned directly without unregister clock and free it. To avoid that,\ncall hclge_ptp_destroy_clock to unregist and free clock if\nhclge_ptp_get_cycle failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21924",
"url": "https://www.suse.com/security/cve/CVE-2025-21924"
},
{
"category": "external",
"summary": "SUSE Bug 1240720 for CVE-2025-21924",
"url": "https://bugzilla.suse.com/1240720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21924"
},
{
"cve": "CVE-2025-21927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn\u0027t check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21927",
"url": "https://www.suse.com/security/cve/CVE-2025-21927"
},
{
"category": "external",
"summary": "SUSE Bug 1240714 for CVE-2025-21927",
"url": "https://bugzilla.suse.com/1240714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21927"
},
{
"cve": "CVE-2025-21928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21928",
"url": "https://www.suse.com/security/cve/CVE-2025-21928"
},
{
"category": "external",
"summary": "SUSE Bug 1240722 for CVE-2025-21928",
"url": "https://bugzilla.suse.com/1240722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21928"
},
{
"cve": "CVE-2025-21930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t try to talk to a dead firmware\n\nThis fixes:\n\n bad state = 0\n WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi]\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xca/0x1c0\n ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n _iwl_dbgfs_fw_dbg_clear_write+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a]\n\nAsk whether the firmware is alive before sending a command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21930",
"url": "https://www.suse.com/security/cve/CVE-2025-21930"
},
{
"category": "external",
"summary": "SUSE Bug 1240715 for CVE-2025-21930",
"url": "https://bugzilla.suse.com/1240715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21930"
},
{
"cve": "CVE-2025-21934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix an API misues when rio_add_net() fails\n\nrio_add_net() calls device_register() and fails when device_register()\nfails. Thus, put_device() should be used rather than kfree(). Add\n\"mport-\u003enet = NULL;\" to avoid a use after free issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21934",
"url": "https://www.suse.com/security/cve/CVE-2025-21934"
},
{
"category": "external",
"summary": "SUSE Bug 1240708 for CVE-2025-21934",
"url": "https://bugzilla.suse.com/1240708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21934"
},
{
"cve": "CVE-2025-21935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: add check for rio_add_net() in rio_scan_alloc_net()\n\nThe return value of rio_add_net() should be checked. If it fails,\nput_device() should be called to free the memory and give up the reference\ninitialized in rio_add_net().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21935",
"url": "https://www.suse.com/security/cve/CVE-2025-21935"
},
{
"category": "external",
"summary": "SUSE Bug 1240700 for CVE-2025-21935",
"url": "https://bugzilla.suse.com/1240700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21935"
},
{
"cve": "CVE-2025-21936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_device_connected() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21936",
"url": "https://www.suse.com/security/cve/CVE-2025-21936"
},
{
"category": "external",
"summary": "SUSE Bug 1240716 for CVE-2025-21936",
"url": "https://bugzilla.suse.com/1240716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21936"
},
{
"cve": "CVE-2025-21937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_remote_name() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21937",
"url": "https://www.suse.com/security/cve/CVE-2025-21937"
},
{
"category": "external",
"summary": "SUSE Bug 1240643 for CVE-2025-21937",
"url": "https://bugzilla.suse.com/1240643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21937"
},
{
"cve": "CVE-2025-21941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params\n\nNull pointer dereference issue could occur when pipe_ctx-\u003eplane_state\nis null. The fix adds a check to ensure \u0027pipe_ctx-\u003eplane_state\u0027 is not\nnull before accessing. This prevents a null pointer dereference.\n\nFound by code review.\n\n(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21941",
"url": "https://www.suse.com/security/cve/CVE-2025-21941"
},
{
"category": "external",
"summary": "SUSE Bug 1240701 for CVE-2025-21941",
"url": "https://bugzilla.suse.com/1240701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21941"
},
{
"cve": "CVE-2025-21943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: aggregator: protect driver attr handlers against module unload\n\nBoth new_device_store and delete_device_store touch module global\nresources (e.g. gpio_aggregator_lock). To prevent race conditions with\nmodule unload, a reference needs to be held.\n\nAdd try_module_get() in these handlers.\n\nFor new_device_store, this eliminates what appears to be the most dangerous\nscenario: if an id is allocated from gpio_aggregator_idr but\nplatform_device_register has not yet been called or completed, a concurrent\nmodule unload could fail to unregister/delete the device, leaving behind a\ndangling platform device/GPIO forwarder. This can result in various issues.\nThe following simple reproducer demonstrates these problems:\n\n #!/bin/bash\n while :; do\n # note: whether \u0027gpiochip0 0\u0027 exists or not does not matter.\n echo \u0027gpiochip0 0\u0027 \u003e /sys/bus/platform/drivers/gpio-aggregator/new_device\n done \u0026\n while :; do\n modprobe gpio-aggregator\n modprobe -r gpio-aggregator\n done \u0026\n wait\n\n Starting with the following warning, several kinds of warnings will appear\n and the system may become unstable:\n\n ------------[ cut here ]------------\n list_del corruption, ffff888103e2e980-\u003enext is LIST_POISON1 (dead000000000100)\n WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120\n [...]\n RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? __warn.cold+0x93/0xf2\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? report_bug+0xe6/0x170\n ? __irq_work_queue_local+0x39/0xe0\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_del_entry_valid_or_report+0xa3/0x120\n gpiod_remove_lookup_table+0x22/0x60\n new_device_store+0x315/0x350 [gpio_aggregator]\n kernfs_fop_write_iter+0x137/0x1f0\n vfs_write+0x262/0x430\n ksys_write+0x60/0xd0\n do_syscall_64+0x6c/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21943",
"url": "https://www.suse.com/security/cve/CVE-2025-21943"
},
{
"category": "external",
"summary": "SUSE Bug 1240647 for CVE-2025-21943",
"url": "https://bugzilla.suse.com/1240647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21943"
},
{
"cve": "CVE-2025-21948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appleir: Fix potential NULL dereference at raw event handle\n\nSyzkaller reports a NULL pointer dereference issue in input_event().\n\nBUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline]\nBUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395\nRead of size 8 at addr 0000000000000028 by task syz-executor199/2949\n\nCPU: 0 UID: 0 PID: 2949 Comm: syz-executor199 Not tainted 6.13.0-rc4-syzkaller-00076-gf097a36ef88d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n is_event_supported drivers/input/input.c:67 [inline]\n input_event+0x42/0xa0 drivers/input/input.c:395\n input_report_key include/linux/input.h:439 [inline]\n key_down drivers/hid/hid-appleir.c:159 [inline]\n appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232\n __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111\n hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484\n __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650\n usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734\n dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993\n __run_hrtimer kernel/time/hrtimer.c:1739 [inline]\n __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803\n hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820\n handle_softirqs+0x206/0x8d0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n __mod_timer+0x8f6/0xdc0 kernel/time/timer.c:1185\n add_timer+0x62/0x90 kernel/time/timer.c:1295\n schedule_timeout+0x11f/0x280 kernel/time/sleep_timeout.c:98\n usbhid_wait_io+0x1c7/0x380 drivers/hid/usbhid/hid-core.c:645\n usbhid_init_reports+0x19f/0x390 drivers/hid/usbhid/hid-core.c:784\n hiddev_ioctl+0x1133/0x15b0 drivers/hid/usbhid/hiddev.c:794\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThis happens due to the malformed report items sent by the emulated device\nwhich results in a report, that has no fields, being added to the report list.\nDue to this appleir_input_configured() is never called, hidinput_connect()\nfails which results in the HID_CLAIMED_INPUT flag is not being set. However,\nit does not make appleir_probe() fail and lets the event callback to be\ncalled without the associated input device.\n\nThus, add a check for the HID_CLAIMED_INPUT flag and leave the event hook\nearly if the driver didn\u0027t claim any input_dev for some reason. Moreover,\nsome other hid drivers accessing input_dev in their event callbacks do have\nsimilar checks, too.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21948",
"url": "https://www.suse.com/security/cve/CVE-2025-21948"
},
{
"category": "external",
"summary": "SUSE Bug 1240703 for CVE-2025-21948",
"url": "https://bugzilla.suse.com/1240703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21948"
},
{
"cve": "CVE-2025-21950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl\n\nIn the \"pmcmd_ioctl\" function, three memory objects allocated by\nkmalloc are initialized by \"hcall_get_cpu_state\", which are then\ncopied to user space. The initializer is indeed implemented in\n\"acrn_hypercall2\" (arch/x86/include/asm/acrn.h). There is a risk of\ninformation leakage due to uninitialized bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21950",
"url": "https://www.suse.com/security/cve/CVE-2025-21950"
},
{
"category": "external",
"summary": "SUSE Bug 1240719 for CVE-2025-21950",
"url": "https://bugzilla.suse.com/1240719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21950"
},
{
"cve": "CVE-2025-21951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21951"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\n\nThere are multiple places from where the recovery work gets scheduled\nasynchronously. Also, there are multiple places where the caller waits\nsynchronously for the recovery to be completed. One such place is during\nthe PM shutdown() callback.\n\nIf the device is not alive during recovery_work, it will try to reset the\ndevice using pci_reset_function(). This function internally will take the\ndevice_lock() first before resetting the device. By this time, if the lock\nhas already been acquired, then recovery_work will get stalled while\nwaiting for the lock. And if the lock was already acquired by the caller\nwhich waits for the recovery_work to be completed, it will lead to\ndeadlock.\n\nThis is what happened on the X1E80100 CRD device when the device died\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\ncallback while holding the device_lock() leading to deadlock.\n\nAnd this deadlock scenario can occur on other paths as well, like during\nthe PM suspend() callback, where the driver core would hold the\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\nrecovery_work was already started, it could lead to deadlock. This is also\nobserved on the X1E80100 CRD.\n\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\nfunction first checks for the availability of the device_lock() before\ntrying to reset the device. If the lock is available, it will acquire it\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\nrecovery_work will fail with the error message \"Recovery failed\" as not\nmuch could be done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21951",
"url": "https://www.suse.com/security/cve/CVE-2025-21951"
},
{
"category": "external",
"summary": "SUSE Bug 1240718 for CVE-2025-21951",
"url": "https://bugzilla.suse.com/1240718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21951"
},
{
"cve": "CVE-2025-21953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: cleanup mana struct after debugfs_remove()\n\nWhen on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),\nmana_gd_suspend() and mana_gd_resume() are called. If during this\nmana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs\npointer does not get reinitialized and ends up pointing to older,\ncleaned-up dentry.\nFurther in the hibernation path, as part of power_down(), mana_gd_shutdown()\nis triggered. This call, unaware of the failures in resume, tries to cleanup\nthe already cleaned up mana_port_debugfs value and hits the following bug:\n\n[ 191.359296] mana 7870:00:00.0: Shutdown was called\n[ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 191.360584] #PF: supervisor write access in kernel mode\n[ 191.361125] #PF: error_code(0x0002) - not-present page\n[ 191.361727] PGD 1080ea067 P4D 0\n[ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI\n[ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2\n[ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 191.364124] RIP: 0010:down_write+0x19/0x50\n[ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 \u003cf0\u003e 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d\n[ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246\n[ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000\n[ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098\n[ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001\n[ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000\n[ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020\n[ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000\n[ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0\n[ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 191.372906] Call Trace:\n[ 191.373262] \u003cTASK\u003e\n[ 191.373621] ? show_regs+0x64/0x70\n[ 191.374040] ? __die+0x24/0x70\n[ 191.374468] ? page_fault_oops+0x290/0x5b0\n[ 191.374875] ? do_user_addr_fault+0x448/0x800\n[ 191.375357] ? exc_page_fault+0x7a/0x160\n[ 191.375971] ? asm_exc_page_fault+0x27/0x30\n[ 191.376416] ? down_write+0x19/0x50\n[ 191.376832] ? down_write+0x12/0x50\n[ 191.377232] simple_recursive_removal+0x4a/0x2a0\n[ 191.377679] ? __pfx_remove_one+0x10/0x10\n[ 191.378088] debugfs_remove+0x44/0x70\n[ 191.378530] mana_detach+0x17c/0x4f0\n[ 191.378950] ? __flush_work+0x1e2/0x3b0\n[ 191.379362] ? __cond_resched+0x1a/0x50\n[ 191.379787] mana_remove+0xf2/0x1a0\n[ 191.380193] mana_gd_shutdown+0x3b/0x70\n[ 191.380642] pci_device_shutdown+0x3a/0x80\n[ 191.381063] device_shutdown+0x13e/0x230\n[ 191.381480] kernel_power_off+0x35/0x80\n[ 191.381890] hibernate+0x3c6/0x470\n[ 191.382312] state_store+0xcb/0xd0\n[ 191.382734] kobj_attr_store+0x12/0x30\n[ 191.383211] sysfs_kf_write+0x3e/0x50\n[ 191.383640] kernfs_fop_write_iter+0x140/0x1d0\n[ 191.384106] vfs_write+0x271/0x440\n[ 191.384521] ksys_write+0x72/0xf0\n[ 191.384924] __x64_sys_write+0x19/0x20\n[ 191.385313] x64_sys_call+0x2b0/0x20b0\n[ 191.385736] do_syscall_64+0x79/0x150\n[ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240\n[ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0\n[ 191.387124] ? __pfx_lru_add+0x10/0x10\n[ 191.387515] ? queued_spin_unlock+0x9/0x10\n[ 191.387937] ? do_anonymous_page+0x33c/0xa00\n[ 191.388374] ? __handle_mm_fault+0xcf3/0x1210\n[ 191.388805] ? __count_memcg_events+0xbe/0x180\n[ 191.389235] ? handle_mm_fault+0xae/0x300\n[ 19\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21953",
"url": "https://www.suse.com/security/cve/CVE-2025-21953"
},
{
"category": "external",
"summary": "SUSE Bug 1240727 for CVE-2025-21953",
"url": "https://bugzilla.suse.com/1240727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21953"
},
{
"cve": "CVE-2025-21956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign normalized_pix_clk when color depth = 14\n\n[WHY \u0026 HOW]\nA warning message \"WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397\ncalculate_phy_pix_clks+0xef/0x100 [amdgpu]\" occurs because the\ndisplay_color_depth == COLOR_DEPTH_141414 is not handled. This is\nobserved in Radeon RX 6600 XT.\n\nIt is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.\n\nAlso fixes the indentation in get_norm_pix_clk.\n\n(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21956",
"url": "https://www.suse.com/security/cve/CVE-2025-21956"
},
{
"category": "external",
"summary": "SUSE Bug 1240739 for CVE-2025-21956",
"url": "https://bugzilla.suse.com/1240739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21956"
},
{
"cve": "CVE-2025-21957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla1280: Fix kernel oops when debug level \u003e 2\n\nA null dereference or oops exception will eventually occur when qla1280.c\ndriver is compiled with DEBUG_QLA1280 enabled and ql_debug_level \u003e 2. I\nthink its clear from the code that the intention here is sg_dma_len(s) not\nlength of sg_next(s) when printing the debug info.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21957",
"url": "https://www.suse.com/security/cve/CVE-2025-21957"
},
{
"category": "external",
"summary": "SUSE Bug 1240742 for CVE-2025-21957",
"url": "https://bugzilla.suse.com/1240742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21957"
},
{
"cve": "CVE-2025-21960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: do not update checksum in bnxt_xdp_build_skb()\n\nThe bnxt_rx_pkt() updates ip_summed value at the end if checksum offload\nis enabled.\nWhen the XDP-MB program is attached and it returns XDP_PASS, the\nbnxt_xdp_build_skb() is called to update skb_shared_info.\nThe main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,\nbut it updates ip_summed value too if checksum offload is enabled.\nThis is actually duplicate work.\n\nWhen the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed\nis CHECKSUM_NONE or not.\nIt means that ip_summed should be CHECKSUM_NONE at this moment.\nBut ip_summed may already be updated to CHECKSUM_UNNECESSARY in the\nXDP-MB-PASS path.\nSo the by skb_checksum_none_assert() WARNS about it.\n\nThis is duplicate work and updating ip_summed in the\nbnxt_xdp_build_skb() is not needed.\n\nSplat looks like:\nWARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nModules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]\nCPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27\nTainted: [W]=WARN\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nCode: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff \u003c0f\u003e 0b f\nRSP: 0018:ffff88881ba09928 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000\nRDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8\nRBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070\nR10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080\nR13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000\nFS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? __warn+0xcd/0x2f0\n ? bnxt_rx_pkt+0x479b/0x7610\n ? report_bug+0x326/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? bnxt_rx_pkt+0x479b/0x7610\n ? bnxt_rx_pkt+0x3e41/0x7610\n ? __pfx_bnxt_rx_pkt+0x10/0x10\n ? napi_complete_done+0x2cf/0x7d0\n __bnxt_poll_work+0x4e8/0x1220\n ? __pfx___bnxt_poll_work+0x10/0x10\n ? __pfx_mark_lock.part.0+0x10/0x10\n bnxt_poll_p5+0x36a/0xfa0\n ? __pfx_bnxt_poll_p5+0x10/0x10\n __napi_poll.constprop.0+0xa0/0x440\n net_rx_action+0x899/0xd00\n...\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going\nto be able to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21960",
"url": "https://www.suse.com/security/cve/CVE-2025-21960"
},
{
"category": "external",
"summary": "SUSE Bug 1240815 for CVE-2025-21960",
"url": "https://bugzilla.suse.com/1240815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21960"
},
{
"cve": "CVE-2025-21961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix truesize for mb-xdp-pass case\n\nWhen mb-xdp is set and return is XDP_PASS, packet is converted from\nxdp_buff to sk_buff with xdp_update_skb_shared_info() in\nbnxt_xdp_build_skb().\nbnxt_xdp_build_skb() passes incorrect truesize argument to\nxdp_update_skb_shared_info().\nThe truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo-\u003enr_frags but\nthe skb_shared_info was wiped by napi_build_skb() before.\nSo it stores sinfo-\u003enr_frags before bnxt_xdp_build_skb() and use it\ninstead of getting skb_shared_info from xdp_get_shared_info_from_buff().\n\nSplat looks like:\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590\n Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms\n CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3\n RIP: 0010:skb_try_coalesce+0x504/0x590\n Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff \u003c0f\u003e 0b e99\n RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287\n RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0\n RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003\n RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900\n R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740\n R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __warn+0x84/0x130\n ? skb_try_coalesce+0x504/0x590\n ? report_bug+0x18a/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_try_coalesce+0x504/0x590\n inet_frag_reasm_finish+0x11f/0x2e0\n ip_defrag+0x37a/0x900\n ip_local_deliver+0x51/0x120\n ip_sublist_rcv_finish+0x64/0x70\n ip_sublist_rcv+0x179/0x210\n ip_list_rcv+0xf9/0x130\n\nHow to reproduce:\n\u003cNode A\u003e\nip link set $interface1 xdp obj xdp_pass.o\nip link set $interface1 mtu 9000 up\nip a a 10.0.0.1/24 dev $interface1\n\u003cNode B\u003e\nip link set $interfac2 mtu 9000 up\nip a a 10.0.0.2/24 dev $interface2\nping 10.0.0.1 -s 65000\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going to be\nable to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21961",
"url": "https://www.suse.com/security/cve/CVE-2025-21961"
},
{
"category": "external",
"summary": "SUSE Bug 1240816 for CVE-2025-21961",
"url": "https://bugzilla.suse.com/1240816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21961"
},
{
"cve": "CVE-2025-21966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-flakey: Fix memory corruption in optional corrupt_bio_byte feature\n\nFix memory corruption due to incorrect parameter being passed to bio_init",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21966",
"url": "https://www.suse.com/security/cve/CVE-2025-21966"
},
{
"category": "external",
"summary": "SUSE Bug 1240779 for CVE-2025-21966",
"url": "https://bugzilla.suse.com/1240779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21966"
},
{
"cve": "CVE-2025-21968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free on hdcp_work\n\n[Why]\nA slab-use-after-free is reported when HDCP is destroyed but the\nproperty_validate_dwork queue is still running.\n\n[How]\nCancel the delayed work when destroying workqueue.\n\n(cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21968",
"url": "https://www.suse.com/security/cve/CVE-2025-21968"
},
{
"category": "external",
"summary": "SUSE Bug 1240783 for CVE-2025-21968",
"url": "https://bugzilla.suse.com/1240783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21968"
},
{
"cve": "CVE-2025-21969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21969",
"url": "https://www.suse.com/security/cve/CVE-2025-21969"
},
{
"category": "external",
"summary": "SUSE Bug 1240784 for CVE-2025-21969",
"url": "https://bugzilla.suse.com/1240784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21969"
},
{
"cve": "CVE-2025-21970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Bridge, fix the crash caused by LAG state check\n\nWhen removing LAG device from bridge, NETDEV_CHANGEUPPER event is\ntriggered. Driver finds the lower devices (PFs) to flush all the\noffloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns\nfalse if one of PF is unloaded. In such case,\nmlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of\nthe alive PF, and the flush is skipped.\n\nBesides, the bridge fdb entry\u0027s lastuse is updated in mlx5 bridge\nevent handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be\nignored in this case because the upper interface for bond is deleted,\nand the entry will never be aged because lastuse is never updated.\n\nTo make things worse, as the entry is alive, mlx5 bridge workqueue\nkeeps sending that event, which is then handled by kernel bridge\nnotifier. It causes the following crash when accessing the passed bond\nnetdev which is already destroyed.\n\nTo fix this issue, remove such checks. LAG state is already checked in\ncommit 15f8f168952f (\"net/mlx5: Bridge, verify LAG state when adding\nbond to bridge\"), driver still need to skip offload if LAG becomes\ninvalid state after initialization.\n\n Oops: stack segment: 0000 [#1] SMP\n CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core]\n RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge]\n Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 \u003c4c\u003e 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7\n RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297\n RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff\n RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0\n RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60\n R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? die+0x38/0x60\n ? do_trap+0x10b/0x120\n ? do_error_trap+0x64/0xa0\n ? exc_stack_segment+0x33/0x50\n ? asm_exc_stack_segment+0x22/0x30\n ? br_switchdev_event+0x2c/0x110 [bridge]\n ? sched_balance_newidle.isra.149+0x248/0x390\n notifier_call_chain+0x4b/0xa0\n atomic_notifier_call_chain+0x16/0x20\n mlx5_esw_bridge_update+0xec/0x170 [mlx5_core]\n mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core]\n process_scheduled_works+0x81/0x390\n worker_thread+0x106/0x250\n ? bh_worker+0x110/0x110\n kthread+0xb7/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21970",
"url": "https://www.suse.com/security/cve/CVE-2025-21970"
},
{
"category": "external",
"summary": "SUSE Bug 1240819 for CVE-2025-21970",
"url": "https://bugzilla.suse.com/1240819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21970"
},
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-21972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: unshare packets when reassembling\n\nEnsure that the frag_list used for reassembly isn\u0027t shared with other\npackets. This avoids incorrect reassembly when packets are cloned, and\nprevents a memory leak due to circular references between fragments and\ntheir skb_shared_info.\n\nThe upcoming MCTP-over-USB driver uses skb_clone which can trigger the\nproblem - other MCTP drivers don\u0027t share SKBs.\n\nA kunit test is added to reproduce the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21972",
"url": "https://www.suse.com/security/cve/CVE-2025-21972"
},
{
"category": "external",
"summary": "SUSE Bug 1240813 for CVE-2025-21972",
"url": "https://bugzilla.suse.com/1240813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21972"
},
{
"cve": "CVE-2025-21975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: handle errors in mlx5_chains_create_table()\n\nIn mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns()\nand mlx5_get_flow_namespace() must be checked to prevent NULL pointer\ndereferences. If either function fails, the function should log error\nmessage with mlx5_core_warn() and return error pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21975",
"url": "https://www.suse.com/security/cve/CVE-2025-21975"
},
{
"category": "external",
"summary": "SUSE Bug 1240812 for CVE-2025-21975",
"url": "https://bugzilla.suse.com/1240812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21975"
},
{
"cve": "CVE-2025-21978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hyperv: Fix address space leak when Hyper-V DRM device is removed\n\nWhen a Hyper-V DRM device is probed, the driver allocates MMIO space for\nthe vram, and maps it cacheable. If the device removed, or in the error\npath for device probing, the MMIO space is released but no unmap is done.\nConsequently the kernel address space for the mapping is leaked.\n\nFix this by adding iounmap() calls in the device removal path, and in the\nerror path during device probing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21978",
"url": "https://www.suse.com/security/cve/CVE-2025-21978"
},
{
"category": "external",
"summary": "SUSE Bug 1240806 for CVE-2025-21978",
"url": "https://bugzilla.suse.com/1240806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21978"
},
{
"cve": "CVE-2025-21979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel wiphy_work before freeing wiphy\n\nA wiphy_work can be queued from the moment the wiphy is allocated and\ninitialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the\nrdev::wiphy_work is getting queued.\n\nIf wiphy_free is called before the rdev::wiphy_work had a chance to run,\nthe wiphy memory will be freed, and then when it eventally gets to run\nit\u0027ll use invalid memory.\n\nFix this by canceling the work before freeing the wiphy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21979",
"url": "https://www.suse.com/security/cve/CVE-2025-21979"
},
{
"category": "external",
"summary": "SUSE Bug 1240808 for CVE-2025-21979",
"url": "https://bugzilla.suse.com/1240808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21979"
},
{
"cve": "CVE-2025-21981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory leak in aRFS after reset\n\nFix aRFS (accelerated Receive Flow Steering) structures memory leak by\nadding a checker to verify if aRFS memory is already allocated while\nconfiguring VSI. aRFS objects are allocated in two cases:\n- as part of VSI initialization (at probe), and\n- as part of reset handling\n\nHowever, VSI reconfiguration executed during reset involves memory\nallocation one more time, without prior releasing already allocated\nresources. This led to the memory leak with the following signature:\n\n[root@os-delivery ~]# cat /sys/kernel/debug/kmemleak\nunreferenced object 0xff3c1ca7252e6000 (size 8192):\n comm \"kworker/0:0\", pid 8, jiffies 4296833052\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n [\u003cffffffff991ec485\u003e] __kmalloc_cache_noprof+0x275/0x340\n [\u003cffffffffc0a6e06a\u003e] ice_init_arfs+0x3a/0xe0 [ice]\n [\u003cffffffffc09f1027\u003e] ice_vsi_cfg_def+0x607/0x850 [ice]\n [\u003cffffffffc09f244b\u003e] ice_vsi_setup+0x5b/0x130 [ice]\n [\u003cffffffffc09c2131\u003e] ice_init+0x1c1/0x460 [ice]\n [\u003cffffffffc09c64af\u003e] ice_probe+0x2af/0x520 [ice]\n [\u003cffffffff994fbcd3\u003e] local_pci_probe+0x43/0xa0\n [\u003cffffffff98f07103\u003e] work_for_cpu_fn+0x13/0x20\n [\u003cffffffff98f0b6d9\u003e] process_one_work+0x179/0x390\n [\u003cffffffff98f0c1e9\u003e] worker_thread+0x239/0x340\n [\u003cffffffff98f14abc\u003e] kthread+0xcc/0x100\n [\u003cffffffff98e45a6d\u003e] ret_from_fork+0x2d/0x50\n [\u003cffffffff98e083ba\u003e] ret_from_fork_asm+0x1a/0x30\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21981",
"url": "https://www.suse.com/security/cve/CVE-2025-21981"
},
{
"category": "external",
"summary": "SUSE Bug 1240612 for CVE-2025-21981",
"url": "https://bugzilla.suse.com/1240612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21981"
},
{
"cve": "CVE-2025-21991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n \"Some memory may share the same node as a CPU, and others are provided as\n memory only nodes.\"\n\nTherefore, some node CPU masks may be empty and wouldn\u0027t have a \"first CPU\".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n index 512 is out of range for type \u0027unsigned long[512]\u0027\n [...]\n Call Trace:\n dump_stack\n __ubsan_handle_out_of_bounds\n load_microcode_amd\n request_microcode_amd\n reload_store\n kernfs_fop_write_iter\n vfs_write\n ksys_write\n do_syscall_64\n entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n [ bp: Massage commit message, fix typo. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21991",
"url": "https://www.suse.com/security/cve/CVE-2025-21991"
},
{
"category": "external",
"summary": "SUSE Bug 1240795 for CVE-2025-21991",
"url": "https://bugzilla.suse.com/1240795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21991"
},
{
"cve": "CVE-2025-21992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: ignore non-functional sensor in HP 5MP Camera\n\nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that\nis not actually implemented. Attempting to access this non-functional\nsensor via iio_info causes system hangs as runtime PM tries to wake up\nan unresponsive sensor.\n\n [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff\n [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff\n\nAdd this device to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21992",
"url": "https://www.suse.com/security/cve/CVE-2025-21992"
},
{
"category": "external",
"summary": "SUSE Bug 1240796 for CVE-2025-21992",
"url": "https://bugzilla.suse.com/1240796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21992"
},
{
"cve": "CVE-2025-21993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21993",
"url": "https://www.suse.com/security/cve/CVE-2025-21993"
},
{
"category": "external",
"summary": "SUSE Bug 1240797 for CVE-2025-21993",
"url": "https://bugzilla.suse.com/1240797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21993"
},
{
"cve": "CVE-2025-21995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix fence reference count leak\n\nThe last_scheduled fence leaks when an entity is being killed and adding\nthe cleanup callback fails.\n\nDecrement the reference count of prev when dma_fence_add_callback()\nfails, ensuring proper balance.\n\n[phasta: add git tag info for stable kernel]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21995",
"url": "https://www.suse.com/security/cve/CVE-2025-21995"
},
{
"category": "external",
"summary": "SUSE Bug 1240821 for CVE-2025-21995",
"url": "https://bugzilla.suse.com/1240821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21995"
},
{
"cve": "CVE-2025-21996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, \u0027size\u0027\nwill point to \u0027tmp\u0027 variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init \u0027tmp\u0027 with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21996",
"url": "https://www.suse.com/security/cve/CVE-2025-21996"
},
{
"category": "external",
"summary": "SUSE Bug 1240801 for CVE-2025-21996",
"url": "https://bugzilla.suse.com/1240801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21996"
},
{
"cve": "CVE-2025-22001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix integer overflow in qaic_validate_req()\n\nThese are u64 variables that come from the user via\nqaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that\nthe math doesn\u0027t have an integer wrapping bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22001",
"url": "https://www.suse.com/security/cve/CVE-2025-22001"
},
{
"category": "external",
"summary": "SUSE Bug 1240873 for CVE-2025-22001",
"url": "https://bugzilla.suse.com/1240873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22001"
},
{
"cve": "CVE-2025-22003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: fix out of bound read in strscpy() source\n\nCommit 7fdaf8966aae (\"can: ucan: use strscpy() to instead of strncpy()\")\nunintentionally introduced a one byte out of bound read on strscpy()\u0027s\nsource argument (which is kind of ironic knowing that strscpy() is meant\nto be a more secure alternative :)).\n\nLet\u0027s consider below buffers:\n\n dest[len + 1]; /* will be NUL terminated */\n src[len]; /* may not be NUL terminated */\n\nWhen doing:\n\n strncpy(dest, src, len);\n dest[len] = \u0027\\0\u0027;\n\nstrncpy() will read up to len bytes from src.\n\nOn the other hand:\n\n strscpy(dest, src, len + 1);\n\nwill read up to len + 1 bytes from src, that is to say, an out of bound\nread of one byte will occur on src if it is not NUL terminated. Note\nthat the src[len] byte is never copied, but strscpy() still needs to\nread it to check whether a truncation occurred or not.\n\nThis exact pattern happened in ucan.\n\nThe root cause is that the source is not NUL terminated. Instead of\ndoing a copy in a local buffer, directly NUL terminate it as soon as\nusb_control_msg() returns. With this, the local firmware_str[] variable\ncan be removed.\n\nOn top of this do a couple refactors:\n\n - ucan_ctl_payload-\u003eraw is only used for the firmware string, so\n rename it to ucan_ctl_payload-\u003efw_str and change its type from u8 to\n char.\n\n - ucan_device_request_in() is only used to retrieve the firmware\n string, so rename it to ucan_get_fw_str() and refactor it to make it\n directly handle all the string termination logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22003",
"url": "https://www.suse.com/security/cve/CVE-2025-22003"
},
{
"category": "external",
"summary": "SUSE Bug 1240825 for CVE-2025-22003",
"url": "https://bugzilla.suse.com/1240825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22003"
},
{
"cve": "CVE-2025-22007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix error code in chan_alloc_skb_cb()\n\nThe chan_alloc_skb_cb() function is supposed to return error pointers on\nerror. Returning NULL will lead to a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22007",
"url": "https://www.suse.com/security/cve/CVE-2025-22007"
},
{
"category": "external",
"summary": "SUSE Bug 1240829 for CVE-2025-22007",
"url": "https://bugzilla.suse.com/1240829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22007"
},
{
"cve": "CVE-2025-22008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: check that dummy regulator has been probed before using it\n\nDue to asynchronous driver probing there is a chance that the dummy\nregulator hasn\u0027t already been probed when first accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22008",
"url": "https://www.suse.com/security/cve/CVE-2025-22008"
},
{
"category": "external",
"summary": "SUSE Bug 1240942 for CVE-2025-22008",
"url": "https://bugzilla.suse.com/1240942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22008"
},
{
"cve": "CVE-2025-22009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: dummy: force synchronous probing\n\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\n\nanatop_regulator_probe()\n devm_regulator_register()\n regulator_register()\n regulator_resolve_supply()\n kobject_get()\n\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the \u0027dummy\u0027 regulator driver is not completed\n(\u0027dummy_regulator_rdev\u0027 is still NULL).\n\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*). I haven\u0027t further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines. On the other hand I don\u0027t expect much\nboot time penalty by probing the \u0027dummy\u0027 regulator synchronously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22009",
"url": "https://www.suse.com/security/cve/CVE-2025-22009"
},
{
"category": "external",
"summary": "SUSE Bug 1240940 for CVE-2025-22009",
"url": "https://bugzilla.suse.com/1240940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22009"
},
{
"cve": "CVE-2025-22010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup during bt pages loop\n\nDriver runs a for-loop when allocating bt pages and mapping them with\nbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,\nit may require a considerable loop count. This will lead to soft lockup:\n\n watchdog: BUG: soft lockup - CPU#27 stuck for 22s!\n ...\n Call trace:\n hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]\n hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]\n alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x118/0x290\n\n watchdog: BUG: soft lockup - CPU#35 stuck for 23s!\n ...\n Call trace:\n hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]\n mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]\n alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x120/0x2bc\n\nAdd a cond_resched() to fix soft lockup during these loops. In order not\nto affect the allocation performance of normal-size buffer, set the loop\ncount of a 100GB MR as the threshold to call cond_resched().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22010",
"url": "https://www.suse.com/security/cve/CVE-2025-22010"
},
{
"category": "external",
"summary": "SUSE Bug 1240943 for CVE-2025-22010",
"url": "https://bugzilla.suse.com/1240943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22010"
},
{
"cve": "CVE-2025-22013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state\n\nThere are several problems with the way hyp code lazily saves the host\u0027s\nFPSIMD/SVE state, including:\n\n* Host SVE being discarded unexpectedly due to inconsistent\n configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to\n result in QEMU crashes where SVE is used by memmove(), as reported by\n Eric Auger:\n\n https://issues.redhat.com/browse/RHEL-68997\n\n* Host SVE state is discarded *after* modification by ptrace, which was an\n unintentional ptrace ABI change introduced with lazy discarding of SVE state.\n\n* The host FPMR value can be discarded when running a non-protected VM,\n where FPMR support is not exposed to a VM, and that VM uses\n FPSIMD/SVE. In these cases the hyp code does not save the host\u0027s FPMR\n before unbinding the host\u0027s FPSIMD/SVE/SME state, leaving a stale\n value in memory.\n\nAvoid these by eagerly saving and \"flushing\" the host\u0027s FPSIMD/SVE/SME\nstate when loading a vCPU such that KVM does not need to save any of the\nhost\u0027s FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is\nremoved and the necessary call to fpsimd_save_and_flush_cpu_state() is\nplaced in kvm_arch_vcpu_load_fp(). As \u0027fpsimd_state\u0027 and \u0027fpmr_ptr\u0027\nshould not be used, they are set to NULL; all uses of these will be\nremoved in subsequent patches.\n\nHistorical problems go back at least as far as v5.17, e.g. erroneous\nassumptions about TIF_SVE being clear in commit:\n\n 8383741ab2e773a9 (\"KVM: arm64: Get rid of host SVE tracking/saving\")\n\n... and so this eager save+flush probably needs to be backported to ALL\nstable trees.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22013",
"url": "https://www.suse.com/security/cve/CVE-2025-22013"
},
{
"category": "external",
"summary": "SUSE Bug 1240938 for CVE-2025-22013",
"url": "https://bugzilla.suse.com/1240938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22013"
},
{
"cve": "CVE-2025-22014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: Fix the potential deadlock\n\nWhen some client process A call pdr_add_lookup() to add the look up for\nthe service and does schedule locator work, later a process B got a new\nserver packet indicating locator is up and call pdr_locator_new_server()\nwhich eventually sets pdr-\u003elocator_init_complete to true which process A\nsees and takes list lock and queries domain list but it will timeout due\nto deadlock as the response will queued to the same qmi-\u003ewq and it is\nordered workqueue and process B is not able to complete new server\nrequest work due to deadlock on list lock.\n\nFix it by removing the unnecessary list iteration as the list iteration\nis already being done inside locator work, so avoid it here and just\ncall schedule_work() here.\n\n Process A Process B\n\n process_scheduled_works()\npdr_add_lookup() qmi_data_ready_work()\n process_scheduled_works() pdr_locator_new_server()\n pdr-\u003elocator_init_complete=true;\n pdr_locator_work()\n mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_locate_service() mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_get_domain_list()\n pr_err(\"PDR: %s get domain list\n txn wait failed: %d\\n\",\n req-\u003eservice_name,\n ret);\n\nTimeout error log due to deadlock:\n\n\"\n PDR: tms/servreg get domain list txn wait failed: -110\n PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110\n\"\n\nThanks to Bjorn and Johan for letting me know that this commit also fixes\nan audio regression when using the in-kernel pd-mapper as that makes it\neasier to hit this race. [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22014",
"url": "https://www.suse.com/security/cve/CVE-2025-22014"
},
{
"category": "external",
"summary": "SUSE Bug 1240937 for CVE-2025-22014",
"url": "https://bugzilla.suse.com/1240937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22014"
},
{
"cve": "CVE-2025-2312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2312"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host\u0027s Kerberos credentials cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2312",
"url": "https://www.suse.com/security/cve/CVE-2025-2312"
},
{
"category": "external",
"summary": "SUSE Bug 1239680 for CVE-2025-2312",
"url": "https://bugzilla.suse.com/1239680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-2312"
}
]
}
SUSE-SU-2025:20260-1
Vulnerability from csaf_suse - Published: 2025-04-17 09:25 - Updated: 2025-04-17 09:25Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896
bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-8
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- add nf_tables for iptables non-legacy network handling.\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896\n bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-8",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20260-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20260-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520260-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20260-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T09:25:13Z",
"generator": {
"date": "2025-04-17T09:25:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20260-1",
"initial_release_date": "2025-04-17T09:25:13Z",
"revision_history": [
{
"date": "2025-04-17T09:25:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-rt-6.4.0-28.1.aarch64",
"product_id": "kernel-rt-6.4.0-28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-rt-devel-6.4.0-28.1.aarch64",
"product_id": "kernel-rt-devel-6.4.0-28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product_id": "kernel-source-rt-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-rt-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-rt-devel-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "external",
"summary": "SUSE Bug 1246009 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1246009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core-indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T09:25:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
}
]
}
SUSE-SU-2025:0499-1
Vulnerability from csaf_suse - Published: 2025-02-13 08:14 - Updated: 2025-02-13 08:14Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262).
- CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260).
- CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198).
- CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163).
- CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161).
- CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160).
- CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145).
- CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144).
- CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143).
- CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106).
- CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247).
- CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182).
- CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178).
- CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190).
- CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192).
- CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096).
- CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127).
- CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967).
- CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965).
- CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964).
- CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946).
- CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798).
- CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793).
- CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779).
- CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941).
- CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940).
- CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906).
- CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657).
- CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653).
- CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627).
- CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934).
- CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503).
- CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656).
- CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583).
- CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582).
- CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578).
- CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587).
- CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612).
- CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565).
- CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564).
- CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412).
- CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418).
- CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498).
- CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555).
- CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437).
- CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132).
- CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526).
- CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523).
- CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520).
- CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251).
- CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227).
- CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429).
- CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426).
- CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424).
- CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391).
- CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390).
- CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487).
- CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241).
- CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031).
- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
- CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753).
- CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745).
- CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737).
- CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720).
- CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000).
- CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050).
- CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011).
- CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001).
- CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923).
- CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906).
- CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957).
- CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947).
- CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901).
- CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893).
- CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898).
- CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055).
- CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087).
- CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101).
- CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158).
- CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161).
- CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705).
- CVE-2024-26810: vfio/pci: Lock external INTx masking ops (bsc#1222803).
- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).
The following non-security bugs were fixed:
- ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes).
- ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes).
- ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes).
- ACPI: fan: cleanup resources in the error path of .probe() (git-fixes).
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes).
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes).
- ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes).
- ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes).
- ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes).
- ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes).
- ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686).
- ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes).
- ALSA: ump: Use guard() for locking (stable-fixes).
- ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes).
- ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes).
- ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes).
- ASoC: acp: Support microphone from Lenovo Go S (stable-fixes).
- ASoC: mediatek: disable buffer pre-allocation (stable-fixes).
- ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes).
- ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes).
- ASoC: samsung: Add missing depends on I2C (git-fixes).
- ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes).
- ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes).
- ASoC: wm8994: Add depends on MFD core (stable-fixes).
- Align git commit ID abbreviation guidelines and checks (git-fixes).
- Bluetooth: Add support ITTIM PE50-M75C (stable-fixes).
- Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes).
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes).
- Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes).
- Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes).
- Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes).
- Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes).
- Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes).
- Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes).
- Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes).
- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).
- HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes).
- HID: fix generic desktop D-Pad controls (git-fixes).
- HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes).
- HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes).
- HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes).
- Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes).
- Input: bbnsm_pwrkey - add remove hook (git-fixes).
- Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes).
- Input: davinci-keyscan - remove leftover header (git-fixes).
- Input: xpad - add QH Electronics VID/PID (stable-fixes).
- Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes).
- Input: xpad - add support for Nacon Pro Compact (stable-fixes).
- Input: xpad - add support for wooting two he (arm) (stable-fixes).
- Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes).
- Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes).
- KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635).
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776).
- KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778).
- NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes).
- NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes).
- NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes).
- PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes).
- PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes).
- PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes).
- PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes).
- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes).
- PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes).
- PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes).
- PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes).
- PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes).
- PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes).
- PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes).
- PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes).
- PM: hibernate: Add error handling for syscore_suspend() (git-fixes).
- RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes)
- RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes)
- RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes)
- RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes)
- RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes)
- RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes)
- RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes)
- RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes)
- RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes)
- RDMA/mlx5: Fix implicit ODP use after free (git-fixes)
- RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes)
- RDMA/rxe: Fix mismatched max_msg_sz (git-fixes)
- RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes)
- RDMA/srp: Fix error handling in srp_add_port (git-fixes)
- Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes).
- Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes).
- Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes).
- Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes).
- USB: serial: option: add MeiG Smart SRM815 (stable-fixes).
- USB: serial: option: add Neoway N723-EA support (stable-fixes).
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes).
- USB: usblp: return error when setting unsupported protocol (git-fixes).
- VFS: use system_unbound_wq for delayed_mntput (bsc#1234683).
- VMCI: fix reference to ioctl-number.rst (git-fixes).
- afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes).
- afs: Fix cleanup of immediately failed async calls (git-fixes).
- afs: Fix directory format encoding struct (git-fixes).
- afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes).
- afs: Fix the maximum cell name length (git-fixes).
- arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes)
- arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes)
- arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245).
- arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes)
- arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes).
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes)
- arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes).
- arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes)
- arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes)
- arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes)
- ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes).
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes)
- btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445).
- btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445).
- bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes).
- ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592).
- cleanup: Add conditional guard support (stable-fixes).
- cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes).
- cleanup: Remove address space of returned pointer (git-fixes).
- cpufreq: ACPI: Fix max-frequency computation (git-fixes).
- cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes).
- cpufreq: amd-pstate: remove global header file (git-fixes).
- cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619).
- cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619).
- cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619).
- cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619).
- cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619).
- cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619).
- cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes).
- cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619).
- cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619).
- cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619).
- cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619).
- cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619).
- cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619).
- cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619).
- cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes).
- cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619).
- cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619).
- cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes).
- cpuidle: Avoid potential overflow in integer multiplication (git-fixes).
- cpupower: fix TSC MHz calculation (git-fixes).
- crypto: caam - use JobR's space to access page 0 regs (git-fixes).
- crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes).
- crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes).
- crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes).
- crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes).
- crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes).
- crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes).
- crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes).
- crypto: qce - fix goto jump in error path (git-fixes).
- crypto: qce - fix priority to be less than ARMv8 CE (git-fixes).
- crypto: qce - unregister previously registered algos in error path (git-fixes).
- devcoredump: cleanup some comments (git-fixes).
- dlm: fix possible lkb_resource null dereference (git-fixes).
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes).
- docs: media: update location of the media patches (stable-fixes).
- docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes).
- driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes).
- drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes).
- drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes).
- drm/amd/display: Fix DSC-re-computing (stable-fixes).
- drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes).
- drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes).
- drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes).
- drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes).
- drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes).
- drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes).
- drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes).
- drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes).
- drm/amdkfd: Correct the migration DMA map direction (stable-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes).
- drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes).
- drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes).
- drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes).
- drm/mediatek: Add return value check when reading DPCD (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/msm/dp: set safe_to_exit_level before printing it (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes).
- drm/msm: Check return value of of_dma_configure() (git-fixes).
- drm/msm: do not clean up priv->kms prematurely (git-fixes).
- drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes).
- drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes).
- drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes).
- drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes).
- drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes).
- drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes).
- drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes).
- drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes).
- drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes).
- drm/v3d: Stop active perfmon if it is being destroyed (git-fixes).
- drm/vmwgfx: Add new keep_resv BO param (git-fixes).
- exfat: ensure that ctime is updated whenever the mtime is (git-fixes).
- exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes).
- exfat: fix the infinite loop in exfat_readdir() (git-fixes).
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes).
- genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes).
- genksyms: fix memory leak when the same symbol is added from source (git-fixes).
- genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes).
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes).
- gpio: mxc: remove dead code after switch to DT-only (git-fixes).
- gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes).
- hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes).
- hwmon: (tmp513) Fix division of negative numbers (git-fixes).
- hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes).
- i2c: core: fix reference leak in i2c_register_adapter() (git-fixes).
- i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes).
- i2c: i801: Add support for Intel Panther Lake (stable-fixes).
- i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes).
- i2c: rcar: fix NACK handling when being a target (git-fixes).
- i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes).
- ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time (git-fixes).
- iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes).
- iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices (git-fixes).
- iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes).
- iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes).
- intel_th: core: fix kernel-doc warnings (git-fixes).
- ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes).
- ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes).
- irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes).
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes).
- kABI workaround for struct auto_pin_cfg_item change (git-fixes).
- kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes).
- kheaders: Ignore silly-rename files (stable-fixes).
- ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes).
- ktest.pl: Check kernelrelease return in get_version (git-fixes).
- ktest.pl: Fix typo 'accesing' (git-fixes).
- ktest.pl: Fix typo in comment (git-fixes).
- ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes).
- ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes).
- landlock: Handle weird files (git-fixes).
- latencytop: use correct kernel-doc format for func params (git-fixes).
- leds: lp8860: Write full EEPROM, not only half of it (git-fixes).
- leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes).
- lib/inflate.c: remove dead code (git-fixes).
- lib/stackdepot: print disabled message only if truly disabled (git-fixes).
- mac802154: check local interfaces before deleting sdata list (stable-fixes).
- mailbox: pcc: Add support for platform notification handling (stable-fixes).
- mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes).
- mailbox: tegra-hsp: Clear mailbox before using message (git-fixes).
- maple_tree: simplify split calculation (git-fixes).
- media: camif-core: Add check for clk_enable() (git-fixes).
- media: ccs: Clean up parsed CCS static data on parse failure (git-fixes).
- media: ccs: Fix CCS static data parsing for large block sizes (git-fixes).
- media: ccs: Fix cleanup order in ccs_probe() (git-fixes).
- media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: imx412: Add missing newline to prints (git-fixes).
- media: i2c: ov9282: Correct the exposure offset (git-fixes).
- media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes).
- media: imx296: Add standby delay during probe (git-fixes).
- media: lmedm04: Handle errors for lme2510_int_read (git-fixes).
- media: marvell: Add check for clk_enable() (git-fixes).
- media: mc: fix endpoint iteration (git-fixes).
- media: mipi-csis: Add check for clk_enable() (git-fixes).
- media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: ov5640: fix get_light_freq on auto (git-fixes).
- media: rc: iguanair: handle timeouts (git-fixes).
- media: rkisp1: Fix unused value issue (git-fixes).
- media: uvcvideo: Drop uvcvideo fix due to regression (bsc#1235894)
- media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes).
- media: uvcvideo: Fix double free in error path (git-fixes).
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes).
- media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes).
- media: uvcvideo: Only save async fh if success (git-fixes).
- media: uvcvideo: Propagate buf->error to userspace (git-fixes).
- media: uvcvideo: Remove dangling pointers (git-fixes).
- media: uvcvideo: Remove redundant NULL assignment (git-fixes).
- media: uvcvideo: Support partial control reads (git-fixes).
- memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes).
- memory-failure: use a folio in me_huge_page() (git-fixes).
- memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes).
- misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes).
- misc: fastrpc: Fix copy buffer page size (git-fixes).
- misc: fastrpc: Fix registered buffer page address (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes).
- misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes).
- misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/memory-failure: cast index to loff_t before shifting it (git-fixes).
- mm/memory-failure: check the mapcount of the precise page (git-fixes).
- mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes).
- mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes).
- mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes).
- mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes).
- mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes).
- mm/memory_hotplug: prevent accessing by index=-1 (git-fixes).
- mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes).
- mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes).
- mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes).
- mm/migrate: putback split folios when numa hint migration fails (git-fixes).
- mm/migrate: split source folio if it is on deferred split list (git-fixes).
- mm/page_owner: remove free_ts from page_owner output (git-fixes).
- mm/rodata_test: use READ_ONCE() to read const variable (git-fixes).
- mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes).
- mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes).
- mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes).
- mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes).
- mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes).
- mm: memory-failure: remove unneeded PageHuge() check (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input() (git-fixes).
- mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes).
- mtd: spinand: Remove write_enable_op() in markbad() (git-fixes).
- net/rose: prevent integer overflows in rose_setsockopt() (git-fixes).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes).
- net: rose: fix timer races against user threads (git-fixes).
- net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes).
- net: usb: rtl8150: enable basic endpoint checking (git-fixes).
- net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes).
- net: wwan: t7xx: Fix FSM command timeout issue (git-fixes).
- netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454).
- nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes).
- nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes).
- nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes).
- nvme: Add error path for xa_store in nvme_init_effects (git-fixes).
- nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes).
- nvmet: propagate npwg topology (git-fixes).
- ocfs2: temporarily disable upstream patch (bsc#1236138)
- padata: add pd get/put refcnt helper (git-fixes).
- padata: avoid UAF for reorder_work (git-fixes).
- padata: fix UAF in padata_reorder (git-fixes).
- pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes).
- pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897).
- pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes).
- power: ip5xxx_power: Fix return value on ADC read errors (git-fixes).
- powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755).
- powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755).
- powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755).
- powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755).
- powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755).
- powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825).
- pps: add an error check in parport_attach (git-fixes).
- pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes).
- printk: Add is_printk_legacy_deferred() (bsc#1236733).
- printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733).
- pwm: stm32-lp: Add check for clk_enable() (git-fixes).
- pwm: stm32: Add check for clk_enable() (git-fixes).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes)
- rcu/tree: Defer setting of jiffies during stall reset (git-fixes)
- rcu: Dump memory object info if callback function is invalid (git-fixes)
- rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes)
- rcuscale: Move rcu_scale_writer() (git-fixes)
- rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes)
- regulator: core: Add missing newline character (git-fixes).
- regulator: of: Implement the unwind path of of_regulator_match() (git-fixes).
- remoteproc: core: Fix ida_free call while not allocated (git-fixes).
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes).
- rtc: zynqmp: Fix optional clock name property (git-fixes).
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes).
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865).
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865).
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes).
- seccomp: Stub for !CONFIG_SECCOMP (stable-fixes).
- selftest: media_tests: fix trivial UAF typo (git-fixes).
- selftests/alsa: Fix circular dependency involving global-timer (stable-fixes).
- selftests/landlock: Fix error message (git-fixes).
- selftests/mm/cow: modify the incorrect checking parameters (git-fixes).
- selftests/powerpc: Fix argument order to timer_sub() (git-fixes).
- selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes).
- selftests: mptcp: avoid spurious errors on disconnect (git-fixes).
- selftests: tc-testing: reduce rshift value (stable-fixes).
- selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes).
- selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes).
- serial: 8250: Adjust the timeout for FIFO mode (git-fixes).
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes).
- serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes).
- soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes).
- soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes).
- soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes).
- sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes).
- sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes).
- spi: zynq-qspi: Add check for clk_enable() (git-fixes).
- srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes)
- srcu: Only accelerate on enqueue time (git-fixes)
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes).
- staging: media: max96712: fix kernel oops when removing module (git-fixes).
- thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes).
- thunderbolt: Add support for Intel Lunar Lake (stable-fixes).
- thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- tools: Sync if_xdp.h uapi tooling header (git-fixes).
- tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421).
- tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubifs: skip dumping tnc tree when zroot is null (git-fixes).
- uio: Fix return value of poll (git-fixes).
- uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes).
- usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes).
- usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes).
- usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes).
- usb: gadget: f_tcm: Do not free command immediately (git-fixes).
- usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes).
- usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes).
- usb: gadget: f_tcm: Translate error to sense (git-fixes).
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes).
- usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes).
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001)
- usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes).
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes).
- usbnet: ipheth: break up NCM header size computation (git-fixes).
- usbnet: ipheth: check that DPE points past NCM header (git-fixes).
- usbnet: ipheth: fix DPE OoB read (git-fixes).
- usbnet: ipheth: fix possible overflow in DPE length check (git-fixes).
- usbnet: ipheth: refactor NCM datagram loop (git-fixes).
- usbnet: ipheth: use static NDP16 location in URB (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes).
- watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes).
- watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes).
- wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes).
- wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes).
- wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes).
- wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes).
- wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes).
- wifi: cfg80211: adjust allocation of colocated AP data (git-fixes).
- wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes).
- wifi: mac80211: Add non-atomic station iterator (stable-fixes).
- wifi: mac80211: Fix common size calculation for ML element (git-fixes).
- wifi: mac80211: do not flush non-uploaded STAs (git-fixes).
- wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes).
- wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes).
- wifi: mac80211: fix tid removal during mesh forwarding (git-fixes).
- wifi: mac80211: prohibit deactivating all links (git-fixes).
- wifi: mac80211: wake the queues in case of failure in resume (stable-fixes).
- wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes).
- wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes).
- wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes).
- wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes).
- wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes).
- wifi: mt76: mt7915: fix register mapping (git-fixes).
- wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes).
- wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes).
- wifi: mt76: mt7996: add max mpdu len capability (git-fixes).
- wifi: mt76: mt7996: fix HE Phy capability (git-fixes).
- wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes).
- wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes).
- wifi: mt76: mt7996: fix ldpc setting (git-fixes).
- wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes).
- wifi: mt76: mt7996: fix register mapping (git-fixes).
- wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes).
- wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes).
- wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes).
- wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes).
- wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes).
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes).
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes).
- wifi: rtlwifi: remove unused check_buddy_priv (git-fixes).
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes).
- wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes).
- wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes).
- wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes).
- wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes).
- wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes).
- wifi: wcn36xx: fix channel survey memory allocation size (git-fixes).
- wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes).
- workqueue: Add rcu lock check at the end of work item execution (bsc#1236732).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
- xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes).
- xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes).
Patchnames
SUSE-2025-499,SUSE-SLE-Module-Basesystem-15-SP6-2025-499,SUSE-SLE-Module-Development-Tools-15-SP6-2025-499,SUSE-SLE-Module-Legacy-15-SP6-2025-499,SUSE-SLE-Module-Live-Patching-15-SP6-2025-499,SUSE-SLE-Product-HA-15-SP6-2025-499,SUSE-SLE-Product-WE-15-SP6-2025-499,openSUSE-SLE-15.6-2025-499
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).